
Packed.Delfcrypt / Agent2.AEWD / Shuer2.CFAL found within days of each other...help


21 replies to this topic

#1 Giggy


Posted 14 January 2010 - 06:27 PM

Hello,

I am looking for help due to a few items found by AVG Free the other day. I had an alert on my computer about Packed.Delfcrypt being found by AVG; the threat was moved to the vault, but came back immediately and triggered another alarm. I locked things down, updated, then ran AVG, and it seems to have successfully removed the threat. However, the next day the AVG scan revealed Agent2.AEWD and Sheur2.cfal were detected. I scanned again and the report came back clean, but Task Manager, regedit, and gpedit have all been disabled. I followed some advice from a friend and used ComboFix and things seem to be better, but I still have Task Manager and gpedit disabled.

I have been reading many of the threads here and now am sorry I didn't come here first. I do not plan on running anything until I am instructed to do so, if you guys will still help me since I already took ill-advised actions.

I couldn't run rootrepeal because I get a deviceiocontrol error.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jeff at 18:05:30.04 on Thu 01/14/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.698 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\temp\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Internet Explorer Plugin: {a1e88a88-9b9b-45d8-9cdc-39a934318e46} - ijqwv45.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/table-tennis/en/"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhemama29.mail.gm.com/iNotes6W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {5ADACCB8-7F19-4291-8C2B-B6F7FC206AE1} - rundll32 ijqwv45.dll,laspi

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeff\applic~1\mozilla\firefox\profiles\emcxzbtd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-30 108552]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2009-11-20 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-29 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-29 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-5-17 13352]
S3 RTRSys;RTRSys;\??\c:\program files\xsoft\xworking\rsrsys.sys --> c:\program files\xsoft\xworking\rsrsys.sys [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]

=============== Created Last 30 ================

2010-01-14 23:04:51 524288 ----a-w- c:\temp\dds(2).scr
2010-01-12 22:12:51 615 ----a-w- c:\temp\enableregedit.vbs
2010-01-12 21:42:38 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 02:01:14 472064 ----a-w- c:\temp\RootRepeal.exe
2010-01-12 01:57:34 524288 ----a-w- c:\temp\dds.scr
2010-01-12 00:47:48 0 d-----w- C:\ComboFix
2010-01-12 00:20:47 98816 ----a-w- c:\windows\sed.exe
2010-01-12 00:20:47 77312 ----a-w- c:\windows\MBR.exe
2010-01-12 00:20:47 261632 ----a-w- c:\windows\PEV.exe
2010-01-12 00:20:47 161792 ----a-w- c:\windows\SWREG.exe
2010-01-12 00:19:36 3820564 ----a-r- c:\temp\ComboFix.exe
2010-01-08 00:44:17 34 ----a-w- c:\windows\system32\344d4fc9
2010-01-07 13:00:00 8316 ----a-w- c:\windows\system32\vgn
2010-01-07 13:00:00 66560 ----a-w- c:\windows\system32\maae.jpg
2010-01-07 13:00:00 47104 ----a-w- c:\windows\system32\ijqwv45.dll
2010-01-05 01:07:06 27836 ----a-w- C:\Jeff_Gig.jpg
2009-12-27 08:00:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-27 08:00:53 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-12-26 17:34:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-26 17:34:21 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-12-20 23:57:20 23040 ----a-w- C:\Steven1.doc

==================== Find3M ====================

2009-12-09 19:35:35 68356 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2007-02-08 18:54:33 4378 ----a-w- c:\program files\index.html
2006-12-25 14:50:31 33983488 ----a-w- c:\program files\iPod for Windows 2006-01-10.msi
2006-12-25 14:50:26 740864 ----a-w- c:\program files\1033.MST
2006-12-25 14:50:24 4632 -c--a-w- c:\program files\0x0409.ini
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2008-11-10 22:46:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 18:06:23.54 ===============



#2 myrti


Posted 20 January 2010 - 04:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Giggy


Posted 20 January 2010 - 06:31 PM

Hello myrti,

The two reports are below. The computer seems to be running fine, but has been disconnected from the internet since my original post. It seemed that when connected, AVG, Malwarebytes, and Spybot continually found items and tried to fix or quarantine them. My Task Manager, regedit, and Windows Internet Explorer were all disabled. I would get them enabled, then they would be disabled again a short time later. The only scans since my original post have been the McAfee, Malwarebytes, and Spybot scans. I uninstalled AVG and installed McAfee for the firewall.

Thanks!

OTL SCAN:

OTL logfile created on: 1/20/2010 6:16:38 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.51 Gb Total Space | 31.76 Gb Free Space | 21.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 161.71 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 18:14:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2010/01/16 17:51:13 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/16 17:51:12 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/06 15:14:19 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2009/10/28 11:50:32 | 00,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/03 16:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/14 08:29:00 | 00,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/04/19 11:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2006/09/02 18:36:33 | 00,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/04/23 10:00:36 | 00,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSS01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/20 18:14:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/16 17:51:12 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 17:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/04/19 11:26:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2006/09/02 18:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 18:36:33 | 00,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/08 20:52:17 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/08/27 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/04 16:54:12 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2009/05/29 12:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/19 15:11:47 | 00,018,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2008/12/12 17:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/05/17 13:03:51 | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys -- (ggsemc)
DRV - [2008/05/17 13:03:51 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys -- (ggflt)
DRV - [2008/04/14 00:26:08 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/01/15 04:00:00 | 00,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/18 19:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/04/23 12:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 12:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s115obex.sys -- (s115obex)
DRV - [2007/04/23 12:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 12:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 12:54:46 | 00,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/19 11:26:00 | 03,988,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2006/02/10 16:55:36 | 00,034,688 | ---- | M] (Dolphin, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys -- (SAMFILT)
DRV - [2005/09/20 09:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2005/03/11 17:28:09 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/28 14:36:00 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/31 01:17:49 | 00,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/31 01:10:10 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/05 12:40:38 | 00,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/04/06 13:08:06 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 13:07:58 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 13:07:54 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/15 01:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 01:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 01:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 01:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 01:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 01:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 01:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 01:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 01:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/10 15:27:18 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/27 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 03:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/02/09 11:06:22 | 00,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys -- (ndiscm)
DRV - [2004/01/14 19:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 19:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/05/06 09:14:34 | 00,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/03/04 12:56:26 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2002/12/13 03:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2002/08/29 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM)
DRV - [2002/08/28 21:59:12 | 00,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/03/19 09:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2000/07/24 00:01:00 | 00,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKU\S-1-5-21-269647181-305635594-242102428-1007\S-1-5-21-269647181-305635594-242102428-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-269647181-305635594-242102428-1007\S-1-5-21-269647181-305635594-242102428-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-269647181-305635594-242102428-1007\S-1-5-21-269647181-305635594-242102428-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 17:23:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 15:14:25 | 00,000,000 | ---D | M]

[2009/05/17 17:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2009/05/17 17:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/16 18:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\extensions
[2008/11/13 09:43:28 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\searchplugins\askcom.xml
[2008/11/13 09:43:48 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\searchplugins\yahoo-answers.xml
[2008/09/08 08:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2002/04/18 08:39:16 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
[2004/06/15 17:06:26 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/11 19:34:39 | 00,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-269647181-305635594-242102428-1007..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-269647181-305635594-242102428-1007..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-269647181-305635594-242102428-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-269647181-305635594-242102428-1007..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-269647181-305635594-242102428-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-269647181-305635594-242102428-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - Reg Error: Value error. File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-269647181-305635594-242102428-1007\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Installation Support)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://usabhemama29.m...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\e4cd48ce725: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/29 20:01:32 | 00,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/17 21:21:01 | 00,026,112 | ---- | M] () - C:\AUTOMATICchart.xls -- [ NTFS ]
O32 - AutoRun File - [2010/01/12 16:37:45 | 00,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- File not found
O33 - MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 18:13:58 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/01/17 18:59:37 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/01/17 18:59:36 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/01/17 18:59:36 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/01/17 18:59:32 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/01/17 18:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/17 18:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/01/17 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/17 18:55:49 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/01/17 18:27:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/16 17:52:27 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/16 17:50:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/15 15:18:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/12 16:42:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 19:57:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/11 19:47:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/11 19:20:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/11 19:20:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/11 19:20:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/11 19:20:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/11 19:20:19 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/27 03:00:53 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2009/12/26 12:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008/04/08 16:26:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2007/11/03 19:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/20 01:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/08/06 20:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/03/08 09:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/03/08 09:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp -> ]
[1668 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jeff\*.tmp files -> C:\Documents and Settings\Jeff\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 18:14:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/01/20 18:05:58 | 00,003,543 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/20 17:52:03 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/20 11:52:03 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/20 05:52:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/19 23:52:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/19 17:52:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 00:15:01 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy.job
[2010/01/18 14:56:24 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/18 14:56:16 | 00,093,660 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/18 13:49:06 | 00,768,754 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/18 13:49:06 | 00,197,192 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/01/18 13:49:06 | 00,004,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/18 13:44:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/18 13:44:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/18 13:43:13 | 11,796,480 | ---- | M] () -- C:\Documents and Settings\Jeff\ntuser.dat
[2010/01/18 13:43:13 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jeff\NTUSER.INI
[2010/01/17 19:04:25 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/17 19:04:25 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/17 19:02:14 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/16 18:16:32 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 17:50:19 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/15 16:44:47 | 14,565,376 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\My Money.mny
[2010/01/15 16:44:45 | 14,524,247 | R--- | M] () -- C:\Documents and Settings\Jeff\My Documents\My Money Backup.mbf
[2010/01/12 17:31:19 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 19:55:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/11 19:34:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/01/10 00:15:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/01/08 19:01:44 | 00,000,948 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/08 17:25:46 | 00,000,034 | ---- | M] () -- C:\WINDOWS\System32\344d4fc9
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 08:00:00 | 00,066,560 | ---- | M] () -- C:\WINDOWS\System32\maae.jpg
[2010/01/07 08:00:00 | 00,008,316 | ---- | M] () -- C:\WINDOWS\System32\vgn
[2010/01/04 20:50:22 | 01,636,864 | ---- | M] () -- C:\removed.doc
[2010/01/04 20:07:06 | 00,027,836 | ---- | M] () -- C:\Jeff_Gig.jpg
[2010/01/01 11:57:05 | 00,019,077 | ---- | M] () -- C:\WINDOWS\silkquit.ini
[2009/12/27 03:00:59 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/12/26 14:50:02 | 00,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2009/12/23 01:30:28 | 00,026,112 | ---- | M] () -- C:\Don Luigi.doc
[2 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp -> ]
[1668 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jeff\*.tmp files -> C:\Documents and Settings\Jeff\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 19:05:21 | 00,003,543 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/17 19:02:14 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/17 18:59:10 | 00,000,356 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/17 18:59:09 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/16 22:14:30 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/16 18:16:32 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 17:53:04 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/16 17:53:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 17:53:02 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 17:53:01 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 17:52:59 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/16 17:50:19 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/11 19:20:47 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/11 19:20:47 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/11 19:20:47 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/11 19:20:47 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/11 19:20:47 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/07 19:44:17 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\344d4fc9
[2010/01/07 08:00:00 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\maae.jpg
[2010/01/07 08:00:00 | 00,008,316 | ---- | C] () -- C:\WINDOWS\System32\vgn
[2010/01/04 20:07:06 | 00,027,836 | ---- | C] () -- C:\Jeff_Gig.jpg
[2009/12/27 03:00:59 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/12/26 14:50:01 | 00,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2009/10/09 20:04:36 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/06/05 17:22:40 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/04/17 14:55:16 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\WavCodec.wff
[2009/02/12 16:28:09 | 00,000,044 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2008/11/25 17:44:00 | 00,000,446 | ---- | C] () -- C:\WINDOWS\yukon.ini
[2008/10/28 15:42:26 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/10/28 15:40:09 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/09/17 22:55:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 22:55:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 22:55:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 22:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 22:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 22:55:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/01/25 14:33:10 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\SSLib2.dll
[2008/01/13 20:44:10 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\fusioncache.dat
[2007/12/26 12:43:21 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/26 12:28:30 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2007/12/26 12:28:30 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2007/12/26 12:28:30 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/12/07 11:15:14 | 00,000,105 | ---- | C] () -- C:\WINDOWS\3DT.ini
[2007/11/29 19:34:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/27 15:38:12 | 00,000,336 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2007/08/27 15:35:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2007/05/29 08:51:26 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/03/08 14:14:32 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/08 13:54:33 | 00,004,378 | ---- | C] () -- C:\Program Files\index.html
[2006/12/25 09:55:43 | 00,004,632 | ---- | C] () -- C:\Program Files\0x0409.ini
[2006/12/25 09:55:42 | 00,740,864 | ---- | C] () -- C:\Program Files\1033.MST
[2006/12/25 09:55:36 | 33,983,488 | ---- | C] () -- C:\Program Files\iPod for Windows 2006-01-10.msi
[2006/12/25 09:41:37 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/24 12:39:58 | 00,019,077 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2006/12/19 17:21:18 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/19 17:21:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 18:07:32 | 00,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI
[2006/06/26 15:22:30 | 00,000,848 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/21 14:05:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/11/16 13:59:12 | 00,000,156 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/07/25 13:28:20 | 00,000,050 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2005/07/24 20:47:26 | 00,000,107 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2005/07/24 20:46:36 | 00,000,123 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/06/22 12:01:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2005/06/17 10:41:50 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/06/17 10:41:50 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/06/17 10:41:50 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/06/17 10:41:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5150d.ini
[2005/06/17 10:41:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/06/17 10:41:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/06/17 10:41:48 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/06/17 10:41:48 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/06/17 10:41:47 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5150D.INI
[2005/06/17 10:36:47 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
[2005/06/17 10:30:31 | 00,000,448 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/06/17 10:30:31 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/06/17 10:30:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/06/14 16:04:54 | 00,000,450 | ---- | C] () -- C:\WINDOWS\HENTY.INI
[2005/05/21 18:34:59 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/04/27 19:28:50 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/04/22 20:09:56 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2005/04/22 20:09:56 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2005/04/22 20:09:56 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2005/04/22 20:09:56 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2005/04/22 20:09:56 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2005/04/22 19:21:02 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005/04/22 19:10:06 | 00,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/04/19 19:43:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2005/02/12 22:24:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/30 15:17:14 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/08 19:03:13 | 00,000,459 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/12/04 17:59:24 | 00,000,081 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/04 17:58:39 | 00,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2004/09/25 22:55:47 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/18 23:17:02 | 00,004,980 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/14 09:51:02 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/07 12:00:29 | 00,000,846 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/09/06 10:42:41 | 00,038,170 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\wklnhst.dat
[2004/09/04 08:09:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2004/08/31 01:19:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/31 01:11:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/31 01:09:20 | 00,000,948 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/31 00:57:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 00:57:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/31 00:40:40 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 10:02:24 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/02/10 14:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 14:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/08/29 05:00:00 | 00,018,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\n1277670860_30192879_3289449.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\6069.jpg:SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

OTL EXTRAS SCAN:

OTL Extras logfile created on: 1/20/2010 6:16:38 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.51 Gb Total Space | 31.76 Gb Free Space | 21.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 161.71 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\WESTWOOD\RA2\game.exe" = C:\WESTWOOD\RA2\game.exe:*:Enabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\WESTWOOD\RA2\patchget.dat" = C:\WESTWOOD\RA2\patchget.dat:*:Enabled:patchgrabber -- (Westwood Studios)
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe" = C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd -- (Pocket Soft, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FA7719-1449-4D8F-8F23-2EED009CC716}" = Smead Viewables
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CA14F11-6F47-4613-8E40-6AC088E464A0}" = Cisco Network Magic
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E217EA-C3E0-402D-8D4F-6189DB74497A}" = Studio 9.4 Patch
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{24D221BA-9BD8-4CFB-92D1-4089B4486252}" = Value Investor
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
"{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}" = Pinnacle PCI Performance Enhancer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{6151C127-4B19-439D-8172-D9B71B055809}" = In Search of the Lost Words
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78EFA95D-3310-4035-815B-A46BA4D0C6FA}" = VOB2MPG 2.5
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B84C368-5E6E-43B1-8083-D023E45031D4}" = TMPGEnc 4.0 XPress Trial Version
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BA6530F4-D483-4073-B3D0-021A4BA4818D}" = Evolve Select
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2FB1C9E-00C1-467E-BA75-E3FC6C4ACB3F}" = Pinnacle USB device drivers 2
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Bailey's Book House" = Bailey's Book House
"Brother HL-5150D" = Brother HL-5150D
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Comp" = Composition 2.1
"DeleteViaVoiceContRuntime43_US" = IBM ViaVoice Gold Command Runtime, Version 4.3
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720" = Dell Photo Printer 720
"EADM" = EA Download Manager
"EuroTalk Multimedia Dictionary" = EuroTalk Multimedia Dictionary
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FastStone Image Viewer" = FastStone Image Viewer 2.12
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"InterActual Player" = InterActual Player
"KIDS TYPING TUTOR" = KIDS TYPING TUTOR
"Let's Go Read - An Island Adventure" = Let's Go Read - An Island Adventure
"Let's Go Read - An Ocean Adventure" = Let's Go Read - An Ocean Adventure
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quickstart Web Page Studio Pro_is1" = Quickstart Web Page Studio Pro 1.0
"RealPlayer 6.0" = RealPlayer Basic
"Red Alert 2" = Command & Conquer Red Alert 2
"Shockwave" = Shockwave
"SilkQuit_is1" = SilkQuit v2.60
"Snowball Pack for Pocket Tanks Deluxe_is1" = Snowball Pack v1.0 for Pocket Tanks Deluxe
"Stories and More - Time and Place" = Stories and More - Time and Place
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"TurboTax 2008" = TurboTax 2008
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent hp Master Uninstall" = My HP Games
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"WT050971" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-269647181-305635594-242102428-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 7:34:47 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/17/2010 7:34:47 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/17/2010 7:47:28 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/17/2010 7:47:28 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/17/2010 8:06:33 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/17/2010 8:06:33 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/17/2010 8:09:03 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/17/2010 8:09:03 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/18/2010 2:49:03 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/18/2010 2:49:03 PM | Computer Name = UPSTAIRS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 1/16/2010 11:22:26 AM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intuit Update Service
service to connect.

Error - 1/16/2010 11:22:26 AM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7000
Description = The Intuit Update Service service failed to start due to the following
error: %%1053

Error - 1/16/2010 11:22:32 AM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440

Error - 1/17/2010 5:18:39 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440

Error - 1/17/2010 7:43:28 PM | Computer Name = UPSTAIRS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm PCLEPCI

Error - 1/17/2010 7:44:51 PM | Computer Name = UPSTAIRS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/17/2010 7:47:08 PM | Computer Name = UPSTAIRS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/17/2010 8:03:26 PM | Computer Name = UPSTAIRS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/20/2010 9:56:00 AM | Computer Name = UPSTAIRS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Edited by myrti, 13 March 2010 - 11:12 AM.
removed personal info


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:29 AM

Posted 20 January 2010 - 06:52 PM

Hi,

please try running gmer as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#5 Giggy

Posted 20 January 2010 - 09:09 PM

Hello myrti,

I've been having difficulty running GMER. The scan ran for about an hour then came up with a blue screen, application error. Had to reboot. Tried to run in safe mode but I can't get to or see the "scan" button. The scan is running again in normal mode right now. Will post the report as soon as it is done if the scan completes this time.

Thanks,

Jeff

#6 myrti

Posted 20 January 2010 - 09:17 PM

Hi,

if you can not run it in normal mode please try safe mode once. If it fails there as well let me know and I'll give you different tools to run.

regards myrti


#7 Giggy

Posted 20 January 2010 - 09:23 PM

In safe mode I can't get to the scan button. I know that may sound stupid, but I tried everything to scan, but the resolution is so large in safe mode I can scroll to see it or change the screen resolution? It is still scanning right now in normal mode, we will see how that goes....I am on another computer just in case you were wondering.

Jeff

#8 Giggy

Posted 21 January 2010 - 05:33 AM

Hello myrti,

I tried the scan again in normal and got the blue screen, application error. I was able to start the scan in safe mode last night but woke up to a blue screen and a physical memory dump. The GMER scan appears to be a no go.



#9 myrti

Posted 21 January 2010 - 08:22 AM

Hi,

sorry to hear that. Please run a scan with the following two tools instead then:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti


#10 Giggy

Posted 21 January 2010 - 05:50 PM

Hello myrti,

Ran mbr, here is the log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK




Having problems running RootRepeal. Going to reboot and try it again. Wanted to at least post something. I hope this small log is what was supposed to be created by mbr.

Jeff

#11 Giggy

Posted 21 January 2010 - 08:51 PM

myrti,

I have tried to run RootRepeal multiple times, in normal and safe mode, no luck. However, I am about 2 1/2 hours into running gmer again. So far so good. I will post the results (if the scan is successful) later.

Thank you for your help.

Jeff

Edited by Giggy, 21 January 2010 - 08:52 PM.


#12 Giggy

Posted 22 January 2010 - 05:12 AM

GMER log is posted in multiple replies:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 04:36:26
Windows 5.1.2600 Service Pack 3
Running: gjsx3y8j.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\uxrdapow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAEE8778A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAEE87738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAEE8774C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAEE87837]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAEE87863]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAEE878D1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAEE878BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAEE877CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAEE878FD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAEE8780D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAEE87710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAEE87724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAEE8779E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAEE87939]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAEE878A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAEE8788F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAEE8784D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAEE87925]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAEE87911]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAEE87776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAEE87762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAEE877F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAEE878E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAEE877E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAEE877B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP AEE877B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568EE9 5 Bytes JMP AEE87811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A382 7 Bytes JMP AEE87893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F600 5 Bytes JMP AEE8778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570441 5 Bytes JMP AEE87766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 805732AD 7 Bytes JMP AEE8793D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 7 Bytes JMP AEE878D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805741D0 5 Bytes JMP AEE87714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057457F 7 Bytes JMP AEE877A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80578606 5 Bytes JMP AEE877E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80578A81 7 Bytes JMP AEE877CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP AEE87750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805836B0 5 Bytes JMP AEE877FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058B58D 5 Bytes JMP AEE87728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058BA5D 5 Bytes JMP AEE87901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590669 7 Bytes JMP AEE878BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D50 7 Bytes JMP AEE87867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952BE 7 Bytes JMP AEE8783B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP AEE8773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD47 5 Bytes JMP AEE8777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA6E 7 Bytes JMP AEE878EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E394 7 Bytes JMP AEE878A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E812 7 Bytes JMP AEE87851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ED05 5 Bytes JMP AEE87915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F16E 5 Bytes JMP AEE87929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB95FC360, 0x24CB9D, 0xE8000020]
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7792760]
init C:\WINDOWS\SYSTEM32\drivers\samfilt.sys entry point in "init" section [0xF756DD00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070050
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F5B
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070033
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F80
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F40
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070088
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700B4
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F1B
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700C5
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070022
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070061
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700A3
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006003D
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FB6
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[480] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050042
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050027
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FB7
.text C:\WINDOWS\system32\services.exe[480] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[480] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00FA8
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F0009D
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00080
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FC3
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F000CB
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F000BA
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000F7
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000DC
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F43
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F0005B
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F83
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\lsass.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00F5E
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FCD
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F90
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FA1
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0FBC
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\lsass.exe[492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0043
.text C:\WINDOWS\system32\lsass.exe[492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FB9
.text C:\WINDOWS\system32\lsass.exe[492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FD4
.text C:\WINDOWS\system32\lsass.exe[492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\lsass.exe[492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat AA9ABD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)


GMER log part two:

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKLM\SOFTWARE\Classes\ealink@ URL:ealink protocol
Reg HKLM\SOFTWARE\Classes\ealink@URL Protocol
Reg HKLM\SOFTWARE\Classes\ealink\Shell
Reg HKLM\SOFTWARE\Classes\ealink\Shell\Open
Reg HKLM\SOFTWARE\Classes\ealink\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\ealink\Shell\Open\Command@ "C:\Program Files\Electronic Arts\EADM\Core.exe" -external %1
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider@ MBKConfigurationProvider Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider\CLSID@ {9C3C5975-BA54-4e30-81E8-6DA9B4C85188}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider\CurVer
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider\CurVer@ MBKClientEncode.MBKConfigurationProvider.1
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider.1@ MBKConfigurationProvider Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider.1\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKConfigurationProvider.1\CLSID@ {9C3C5975-BA54-4e30-81E8-6DA9B4C85188}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl@ MbkMcApplicationInfoImpl Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl\CLSID@ {0534CD21-AE97-43bd-8F97-DCE77824E0D1}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl\CurVer@ MBKClientEncode.MbkMcApplicationInfoImpl.1
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl.1@ MbkMcApplicationInfoImpl Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MbkMcApplicationInfoImpl.1\CLSID@ {0534CD21-AE97-43bd-8F97-DCE77824E0D1}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider@ MBKMenuProvider Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider\CLSID@ {66F423E8-DAE2-43D3-AD2B-C79C4FD57CFA}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider\CurVer
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider\CurVer@ MBKClientEncode.MBKMenuProvider.1
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider.1@ MBKMenuProvider Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider.1\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.MBKMenuProvider.1\CLSID@ {66F423E8-DAE2-43D3-AD2B-C79C4FD57CFA}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo@ SubInfo Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo\CLSID@ {85620604-2DA7-4CA7-9EB5-F8051C9E3A66}
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo\CurVer
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo\CurVer@ MBKClientEncode.SubInfo.1
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo.1@ SubInfo Class
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo.1\CLSID
Reg HKLM\SOFTWARE\Classes\MBKClientEncode.SubInfo.1\CLSID@ {85620604-2DA7-4CA7-9EB5-F8051C9E3A66}
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem@ ManageOem Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem\CLSID@ {D859E279-0112-4e2b-BA62-89F79C0817B7}
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem\CurVer@ McDspWrp.ManageOem.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem.1@ ManageOem Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.ManageOem.1\CLSID@ {D859E279-0112-4e2b-BA62-89F79C0817B7}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr@ McDspDatabaseMgr Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr\CLSID@ {B1D9C20D-FDFF-4a12-9E83-2B5E5FBF8794}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr\CurVer@ McDspWrp.McDspDatabaseMgr.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr.1@ McDspDatabaseMgr Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspDatabaseMgr.1\CLSID@ {B1D9C20D-FDFF-4a12-9E83-2B5E5FBF8794}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem@ McDspFileSystem Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem\CLSID@ {C214E44C-4470-4a9c-9CF7-ECDD2D7EAF08}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem\CurVer@ McDspWrp.McDspFileSystem.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem.1@ McDspFileSystem Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspFileSystem.1\CLSID@ {C214E44C-4470-4a9c-9CF7-ECDD2D7EAF08}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry@ McDspRegistry Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry\CLSID@ {6DDA2F98-F711-411d-8747-493A1F2B75AF}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry\CurVer@ McDspWrp.McDspRegistry.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry.1@ McDspRegistry Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspRegistry.1\CLSID@ {6DDA2F98-F711-411d-8747-493A1F2B75AF}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo@ McDspSystemInfo Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo\CLSID@ {C0BBD0FC-9C37-4b35-846C-75CF20E6EDB8}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo\CurVer@ McDspWrp.McDspSystemInfo.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo.1@ McDspSystemInfo Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McDspSystemInfo.1\CLSID@ {C0BBD0FC-9C37-4b35-846C-75CF20E6EDB8}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider@ McSMProvider Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider\CLSID@ {57659ABA-C700-4d9a-9DB9-9A8EDE0E73B8}
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider\CurVer
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider\CurVer@ McDspWrp.McSMProvider.1
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider.1@ McSMProvider Class
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider.1\CLSID
Reg HKLM\SOFTWARE\Classes\McDspWrp.McSMProvider.1\CLSID@ {57659ABA-C700-4d9a-9DB9-9A8EDE0E73B8}
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration@ McNetworkAppRegistration Class
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration\CLSID
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration\CLSID@ {05EC1CB9-A6DB-4F84-BCFA-FE946299BF71}
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration\CurVer
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration\CurVer@ McNAReg.McNetworkAppRegistration.1
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration.1@ McNetworkAppRegistration Class
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNAReg.McNetworkAppRegistration.1\CLSID@ {05EC1CB9-A6DB-4F84-BCFA-FE946299BF71}
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection@ McConnection Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection\CLSID@ {5308F17B-F67F-4A7C-A9A7-8FB22B54F29F}
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection\CurVer@ McNASvc.McConnection.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection.1@ McConnection Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnection.1\CLSID@ {5308F17B-F67F-4A7C-A9A7-8FB22B54F29F}
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler@ McConnectionHandler Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler\CLSID@ {577E60D7-CD21-4D65-A172-3F64917A8CF7}
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler\CurVer@ McNASvc.McConnectionHandler.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler.1@ McConnectionHandler Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McConnectionHandler.1\CLSID@ {577E60D7-CD21-4D65-A172-3F64917A8CF7}
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection@ McJoinConnection Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection\CLSID@ {91306757-26F4-4965-A309-D28C6887C12D}
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection\CurVer@ McNASvc.McJoinConnection.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection.1@ McJoinConnection Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinConnection.1\CLSID@ {91306757-26F4-4965-A309-D28C6887C12D}
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager@ McJoinManager Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager\CLSID@ {D5AF894B-A363-4F90-9C37-0368FFFDF239}
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager\CurVer@ McNASvc.McJoinManager.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager.1@ McJoinManager Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McJoinManager.1\CLSID@ {D5AF894B-A363-4F90-9C37-0368FFFDF239}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork@ McNetwork Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork\CLSID@ {A67191E1-8FB3-4EB3-8E04-FD94EF5FD098}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork\CurVer@ McNASvc.McNetwork.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork.1@ McNetwork Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetwork.1\CLSID@ {A67191E1-8FB3-4EB3-8E04-FD94EF5FD098}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent@ McNetworkAgent Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent\CLSID@ {24F616A1-B755-4053-8018-C3425DC8B68A}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent\CurVer@ McNASvc.McNetworkAgent.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent.1@ McNetworkAgent Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkAgent.1\CLSID@ {24F616A1-B755-4053-8018-C3425DC8B68A}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode@ McNetworkNode Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode\CLSID@ {844C89B8-2650-4989-A786-BC8A45A202ED}
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode\CurVer@ McNASvc.McNetworkNode.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode.1@ McNetworkNode Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McNetworkNode.1\CLSID@ {844C89B8-2650-4989-A786-BC8A45A202ED}
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager@ McPersistenceManager Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager\CLSID@ {0306503A-6FF4-4F20-AA5C-184A69D16A48}
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager\CurVer@ McNASvc.McPersistenceManager.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager.1@ McPersistenceManager Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McPersistenceManager.1\CLSID@ {0306503A-6FF4-4F20-AA5C-184A69D16A48}
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret@ McSecret Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret\CLSID@ {7B7B67C4-A8E8-4461-B3C6-84E9DE7AE4BB}
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret\CurVer@ McNASvc.McSecret.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret.1@ McSecret Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecret.1\CLSID@ {7B7B67C4-A8E8-4461-B3C6-84E9DE7AE4BB}
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore@ McSecretStore Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore\CLSID@ {492FAE0B-658A-405B-A76C-836A72E0B505}
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore\CurVer
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore\CurVer@ McNASvc.McSecretStore.1
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore.1@ McSecretStore Class
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNASvc.McSecretStore.1\CLSID@ {492FAE0B-658A-405B-A76C-836A72E0B505}
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher@ McAlertLauncher Class
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher\CLSID
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher\CLSID@ {B7C80588-5111-4974-9B21-9F3EBFFF525A}
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher\CurVer
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher\CurVer@ McNDGUI.McAlertLauncher.1
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher.1@ McAlertLauncher Class
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNDGUI.McAlertLauncher.1\CLSID@ {B7C80588-5111-4974-9B21-9F3EBFFF525A}
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl@ NDMispProviderImpl Class
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl\CLSID
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl\CLSID@ {CC180A64-A36C-4D05-9447-F6F21DA599FB}
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl\CurVer
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl\CurVer@ McNDMisp.NDMispProviderImpl.1
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl.1@ NDMispProviderImpl Class
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNDMisp.NDMispProviderImpl.1\CLSID@ {CC180A64-A36C-4D05-9447-F6F21DA599FB}
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController@ McNDController Class
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController\CLSID
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController\CLSID@ {FF0F1C05-6135-424B-8EFD-3DBCDA7063FB}
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController\CurVer
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController\CurVer@ McNDSrv.McNDController.1
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController.1@ McNDController Class
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDController.1\CLSID@ {FF0F1C05-6135-424B-8EFD-3DBCDA7063FB}
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler@ McNDNetworkHandler Class
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler\CLSID
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler\CLSID@ {EB1358E3-48FD-469E-B075-C539955E40C2}
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler\CurVer
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler\CurVer@ McNDSrv.McNDNetworkHandler.1
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler.1@ McNDNetworkHandler Class
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNDSrv.McNDNetworkHandler.1\CLSID@ {EB1358E3-48FD-469E-B075-C539955E40C2}
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode@ McNode Class
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode\CLSID
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode\CLSID@ {D4A23375-2258-4F08-93CF-4F673A1F35CB}
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode\CurVer
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode\CurVer@ McNmcClient.McNode.1
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode.1@ McNode Class
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNode.1\CLSID@ {D4A23375-2258-4F08-93CF-4F673A1F35CB}
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList@ McNodesList Class
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList\CLSID
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList\CLSID@ {F919C6AF-B0EF-4DBC-9A4F-C63F13B71E8B}
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList\CurVer
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList\CurVer@ McNmcClient.McNodesList.1
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList.1@ McNodesList Class
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList.1\CLSID
Reg HKLM\SOFTWARE\Classes\McNmcClient.McNodesList.1\CLSID@ {F919C6AF-B0EF-4DBC-9A4F-C63F13B71E8B}
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid@ McAfee TimeGrid Class
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid\CLSID
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid\CLSID@ {A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid\CurVer
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid\CurVer@ McTGrid.TimeGrid.1
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid.1@ McAfee TimeGrid Class
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid.1\CLSID
Reg HKLM\SOFTWARE\Classes\McTGrid.TimeGrid.1\CLSID@ {A7E4A46C-4CA2-4024-BBF1-A6E43EA7A447}
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr@ McUnifiedJoinMgr Class
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr\CLSID
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr\CLSID@ {A7F1A92B-71FB-4E9D-8191-0A403339B1B7}
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr\CurVer
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr\CurVer@ McUJ.McUnifiedJoinMgr.1
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr.1@ McUnifiedJoinMgr Class
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr.1\CLSID
Reg HKLM\SOFTWARE\Classes\McUJ.McUnifiedJoinMgr.1\CLSID@ {A7F1A92B-71FB-4E9D-8191-0A403339B1B7}
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI@ McUJAcceptJoinGUI Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI\CLSID@ {7E08CCF0-4995-40B0-BB50-793EB0944616}
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI\CurVer
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI\CurVer@ McUJGUI.McUJAcceptJoinGUI.1
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI.1@ McUJAcceptJoinGUI Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI.1\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJAcceptJoinGUI.1\CLSID@ {7E08CCF0-4995-40B0-BB50-793EB0944616}
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI@ McUJInviteGrantGUI Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI\CLSID@ {9660BC68-E00B-42E8-A4EC-43022BD71944}
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI\CurVer
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI\CurVer@ McUJGUI.McUJInviteGrantGUI.1
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI.1@ McUJInviteGrantGUI Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI.1\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJInviteGrantGUI.1\CLSID@ {9660BC68-E00B-42E8-A4EC-43022BD71944}
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJUIHandler.1@ McUJUIHandler Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJUIHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.McUJUIHandler.1\CLSID@ {B5C9D02A-6E54-40FA-83E1-06B32988D890}
Reg HKLM\SOFTWARE\Classes\McUJGUI.MWLGrantHandler@ McUJUIHandler Class
Reg HKLM\SOFTWARE\Classes\McUJGUI.MWLGrantHandler\CLSID
Reg HKLM\SOFTWARE\Classes\McUJGUI.MWLGrantHandler\CLSID@ {B5C9D02A-6E54-40FA-83E1-06B32988D890}
Reg HKLM\SOFTWARE\Classes\McUJGUI.MWLGrantHandler\CurVer
Reg HKLM\SOFTWARE\Classes\McUJGUI.MWLGrantHandler\CurVer@ McUJGUI.McUJUIHandler.1
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl@ ProviderImpl Class
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl\CLSID@ {116A33B5-6BE7-492d-81E1-49D2D2C0DA26}
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl\CurVer@ MISPMBK.ProviderImpl.1
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl.1@ ProviderImpl Class
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MISPMBK.ProviderImpl.1\CLSID@ {116A33B5-6BE7-492d-81E1-49D2D2C0DA26}
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin@ MpsPlugin Class
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin\CLSID@ {08533142-6DAA-40C0-829F-098475E66646}
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin\CurVer@ mps.MpsPlugin.1
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin.1@ MpsPlugin Class
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\mps.MpsPlugin.1\CLSID@ {08533142-6DAA-40C0-829F-098475E66646}
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig@ McPrivacyServiceConfig Class
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig\CLSID
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig\CLSID@ {7EB483B0-414C-4B45-A46C-CF4620531F8F}
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig\CurVer
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig\CurVer@ mpsconfig.McPrivacyServiceConfig.1
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig.1@ McPrivacyServiceConfig Class
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig.1\CLSID
Reg HKLM\SOFTWARE\Classes\mpsconfig.McPrivacyServiceConfig.1\CLSID@ {7EB483B0-414C-4B45-A46C-CF4620531F8F}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHa.1@ PSAccessDeniedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHa.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHa.1\CLSID@ {9395130C-49E0-462d-BC45-C1DBAC6B13A8}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHand@ PSAccessDeniedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHand\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHand\CLSID@ {9395130C-49E0-462d-BC45-C1DBAC6B13A8}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHand\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSAccessDeniedEventHand\CurVer@ MpsEventHandler.PSAccessDeniedEventHa.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHa.1@ PSImageBlockedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHa.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHa.1\CLSID@ {323826AD-B586-45b8-8E04-8736CBE1D670}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHand@ PSImageBlockedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHand\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHand\CLSID@ {323826AD-B586-45b8-8E04-8736CBE1D670}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHand\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSImageBlockedEventHand\CurVer@ MpsEventHandler.PSImageBlockedEventHa.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetec.1@ PSKeywordBlockedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetec.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetec.1\CLSID@ {229000A5-00F3-40b8-8984-F643C4C2952A}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetecti@ PSKeywordBlockedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetecti\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetecti\CLSID@ {229000A5-00F3-40b8-8984-F643C4C2952A}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetecti\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSKeywordDetecti\CurVer@ MpsEventHandler.PSKeywordDetec.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHan.1@ PSPIIDetectedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHan.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHan.1\CLSID@ {A00E0017-CE76-48d9-AD73-465DF3A68702}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHandl@ PSPIIDetectedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHandl\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHandl\CLSID@ {A00E0017-CE76-48d9-AD73-465DF3A68702}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHandl\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSPIIDetectedEventHandl\CurVer@ MpsEventHandler.PSPIIDetectedEventHan.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler@ PSSignInEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler\CLSID@ {5C90092E-A90F-40F3-8155-49F087A3B752}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler\CurVer@ MpsEventHandler.PSSignInEventHandler.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler.1@ PSSignInEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInEventHandler.1\CLSID@ {5C90092E-A90F-40F3-8155-49F087A3B752}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEvent.1@ PSSignInRequiredEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEvent.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEvent.1\CLSID@ {9D3F632F-8427-4744-887B-6BD313EE61A6}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEventHa@ PSSignInRequiredEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEventHa\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEventHa\CLSID@ {9D3F632F-8427-4744-887B-6BD313EE61A6}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEventHa\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignInRequiredEventHa\CurVer@ MpsEventHandler.PSSignInRequiredEvent.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler@ PSSignOutEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler\CLSID@ {14D12A5C-50FF-4fd3-9A4F-EF782812189F}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler\CurVer@ MpsEventHandler.PSSignOutEventHandler.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler.1@ PSSignOutEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSSignOutEventHandler.1\CLSID@ {14D12A5C-50FF-4fd3-9A4F-EF782812189F}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHand.1@ PSUrlVisitedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHand.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHand.1\CLSID@ {8C87D859-EFDC-40ae-9160-6918F459196C}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHandle@ PSUrlVisitedEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHandle\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHandle\CLSID@ {8C87D859-EFDC-40ae-9160-6918F459196C}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHandle\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.PSUrlVisitedEventHandle\CurVer@ MpsEventHandler.PSUrlVisitedEventHand.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHand.1@ SubscriptionEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHand.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHand.1\CLSID@ {49E62177-F1B8-4af7-AF05-1D8731E09A08}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHandle@ SubscriptionEventHandler Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHandle\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHandle\CLSID@ {49E62177-F1B8-4af7-AF05-1D8731E09A08}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHandle\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.SubscriptionEventHandle\CurVer@ MpsEventHandler.SubscriptionEventHand.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents@ UserEvents Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents\CLSID@ {09DBB645-8A30-4141-9ABE-826C1BBDFB10}
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents\CurVer
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents\CurVer@ MpsEventHandler.UserEvents.1
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents.1@ UserEvents Class
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsEventHandler.UserEvents.1\CLSID@ {09DBB645-8A30-4141-9ABE-826C1BBDFB10}
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig@ MpsConfig Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig\CLSID@ {94807D76-62F1-4C85-B794-D0B29E29DAAE}
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig\CurVer
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig\CurVer@ MpsMISP.MpsConfig.1
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig.1@ MpsConfig Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsConfig.1\CLSID@ {94807D76-62F1-4C85-B794-D0B29E29DAAE}
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger@ MpsLogger Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger\CLSID@ {99E69691-3266-4EA2-97FF-DFC40CF90DDC}
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger\CurVer
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger\CurVer@ MpsMISP.MpsLogger.1
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger.1@ MpsLogger Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.MpsLogger.1\CLSID@ {99E69691-3266-4EA2-97FF-DFC40CF90DDC}
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper@ UserHelper Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper\CLSID@ {BD28FB5B-B2D0-4BA8-9755-618B29A95785}
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper\CurVer
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper\CurVer@ MpsMISP.UserHelper.1
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper.1@ UserHelper Class
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMISP.UserHelper.1\CLSID@ {BD28FB5B-B2D0-4BA8-9755-618B29A95785}
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl@ MpsAppImpl Class
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl\CLSID@ {83748E14-8F60-4AB3-8A81-7CECBE2B1CBE}
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl\CurVer@ MpsMspApp.MpsAppImpl.1
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl.1@ MpsAppImpl Class
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsMspApp.MpsAppImpl.1\CLSID@ {83748E14-8F60-4AB3-8A81-7CECBE2B1CBE}
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl@ MpsPCImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl\CLSID@ {DED18043-054A-41E6-A4E6-3DB9D7ED5A57}
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl\CurVer@ MpsPC.MpsPCImpl.1
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl.1@ MpsPCImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPC.MpsPCImpl.1\CLSID@ {DED18043-054A-41E6-A4E6-3DB9D7ED5A57}
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl@ MpsPIIImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl\CLSID@ {532FC642-E718-401B-9CF7-3A542BBDDAFD}
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl\CurVer@ MpsPII.MpsPIIImpl.1
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl.1@ MpsPIIImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPII.MpsPIIImpl.1\CLSID@ {532FC642-E718-401B-9CF7-3A542BBDDAFD}
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl@ MpsPVImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl\CLSID@ {A90B2582-DECF-439B-86B3-7279B2442BA3}
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl\CurVer
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl\CurVer@ MpsPV.MpsPVImpl.1
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl.1@ MpsPVImpl Class
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MpsPV.MpsPVImpl.1\CLSID@ {A90B2582-DECF-439B-86B3-7279B2442BA3}
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion@ MpsVersion Class
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion\CLSID
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion\CLSID@ {12A5109E-F9A9-4A44-B849-2B6B245FC5EB}
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion\CurVer
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion\CurVer@ mpsver.MpsVersion.1
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion.1@ MpsVersion Class
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion.1\CLSID
Reg HKLM\SOFTWARE\Classes\mpsver.MpsVersion.1\CLSID@ {12A5109E-F9A9-4A44-B849-2B6B245FC5EB}
Reg HKLM\SOFTWARE\Classes\Sims3@ URL:Sims3 Protocol
Reg HKLM\SOFTWARE\Classes\Sims3@URL Protocol
Reg HKLM\SOFTWARE\Classes\Sims3\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Sims3\DefaultIcon@ C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe,0
Reg HKLM\SOFTWARE\Classes\Sims3\Shell
Reg HKLM\SOFTWARE\Classes\Sims3\Shell\Open
Reg HKLM\SOFTWARE\Classes\Sims3\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\Sims3\Shell\Open\Command@ "C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe" %1
Reg HKLM\SOFTWARE\Classes\Sims3Pack@ The Sims? 3 Custom Content
Reg HKLM\SOFTWARE\Classes\Sims3Pack\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Sims3Pack\DefaultIcon@ C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe,0
Reg HKLM\SOFTWARE\Classes\Sims3Pack\Shell
Reg HKLM\SOFTWARE\Classes\Sims3Pack\Shell\Open
Reg HKLM\SOFTWARE\Classes\Sims3Pack\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\Sims3Pack\Shell\Open\Command@ "C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe" -file:"%1"
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection@ System Requirements Lab Class
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection\CLSID
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection\CLSID@ {5727FF4C-EF4E-4d96-A96C-03AD91910448}
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection\CurVer
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection\CurVer@ SysReqLab_IND.Detection.1
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection.1@ System Requirements Lab Class
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection.1\CLSID
Reg HKLM\SOFTWARE\Classes\SysReqLab_IND.Detection.1\CLSID@ {5727FF4C-EF4E-4d96-A96C-03AD91910448}
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion@ FWDriverVersion Class
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion\CLSID
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion\CLSID@ {2A9CB814-64EB-4a4e-893E-3846FB71B9E8}
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion\CurVer
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion\CurVer@ VersionDLL.FWDriverVersion.1
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion.1@ FWDriverVersion Class
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion.1\CLSID
Reg HKLM\SOFTWARE\Classes\VersionDLL.FWDriverVersion.1\CLSID@ {2A9CB814-64EB-4a4e-893E-3846FB71B9E8}

---- EOF - GMER 1.0.15 ----

#13 myrti


Posted 22 January 2010 - 01:05 PM

Hi,

Are you still getting notifications for malware from your antivirus program? If so, which files are reported as infected?

Please run the following fix to remove some leftovers:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/01/07 19:44:17 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\344d4fc9
    O33 - MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\Shell\AutoRun\command - "" = G:\RECYCLER\recycld.exe -- File not found
    O33 - MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\Shell\open\command - "" = G:\RECYCLER\recycld.exe -- File not found
    O20 - Winlogon\Notify\e4cd48ce725: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 Giggy


Posted 22 January 2010 - 05:38 PM

Hello myrti,

I haven't been running all the scans so my system would be unchanged while you are helping me. McAfee is running daily scans and is finding nothing. Should I run Malwarebytes and Spybot?

I will post the follow up OTL scan shortly.

Thanks,

Jeff




Ran OTL, here is the log:


All processes killed
========== OTL ==========
C:\WINDOWS\SYSTEM32\344d4fc9 moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99f7f437-5250-11de-866b-0050bfafa770}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99f7f437-5250-11de-866b-0050bfafa770}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99f7f437-5250-11de-866b-0050bfafa770}\ not found.
File G:\RECYCLER\recycld.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\e4cd48ce725\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 93056 bytes
->Temporary Internet Files folder emptied: 457268 bytes
->FireFox cache emptied: 17448913 bytes

User: All Users

User: Application Data

User: Barb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 3686850 bytes
->FireFox cache emptied: 11200048 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Jeff
->Temp folder emptied: 1561631 bytes
->Temporary Internet Files folder emptied: 8300611 bytes
->Java cache emptied: 141249024 bytes
->FireFox cache emptied: 120743648 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 164108 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Samantha
->Temp folder emptied: 66694 bytes
->Temporary Internet Files folder emptied: 312576 bytes
->Java cache emptied: 29467175 bytes
->FireFox cache emptied: 124021929 bytes

%systemdrive% .tmp files removed: 480400 bytes
%systemroot% .tmp files removed: 7392095 bytes
%systemroot%\System32 .tmp files removed: 407537409 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 692469 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 494695 bytes
RecycleBin emptied: 1840 bytes

Total Files Cleaned = 835.00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01222010_172659

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_R5fZ1wh4fvlXbqP not found!
File\Folder C:\WINDOWS\temp\mcmsc_ralpRB78scZ4Z3s not found!
File\Folder C:\WINDOWS\temp\mcmsc_VZ6Ej5i3l0taCt5 not found!

Registry entries deleted on Reboot...


#15 Giggy


Posted 22 January 2010 - 05:47 PM

OTL followup scan:

OTL logfile created on: 1/22/2010 5:40:03 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.51 Gb Total Space | 32.38 Gb Free Space | 22.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jeff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
PRC - C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\SYSTEM32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\SYSTEM32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\BRSS01A.EXE (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jeff\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (getPlus® Helper) getPlus® -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LexBceS) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (Brother XP spl Service) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys ()
DRV - (purendis) -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV - (ggsemc) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NwlnkIpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (motmodem) -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys (Motorola)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s115bus.sys (MCCI Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (SAMFILT) -- C:\WINDOWS\SYSTEM32\DRIVERS\samfilt.sys (Dolphin, Inc.)
DRV - (ialm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (MarvinBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\DRIVERS\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (emAudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys (Pinnacle Systems, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys (eMPIA Technology, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (ASAPIW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (MR97310_USB_DUAL_CAMERA) -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS (Microsoft Corporation)
DRV - (AN983) -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys (ADMtek Incorporated.)
DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation)
DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 29 21 06 24 C8 10 43 BC 20 F7 80 46 25 A9 57 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 02:00:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 17:23:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 15:14:25 | 00,000,000 | ---D | M]

[2009/05/17 17:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2008/09/08 08:29:38 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/17 17:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/21 18:49:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\extensions
[2009/08/07 04:03:51 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/24 17:22:33 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2008/11/13 09:43:28 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\searchplugins\askcom.xml
[2008/11/13 09:43:48 | 00,001,224 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\emcxzbtd.default\searchplugins\yahoo-answers.xml
[2008/09/08 08:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/06 15:14:25 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/06 15:14:18 | 00,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/06 15:14:18 | 00,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2002/04/18 08:39:16 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
[2004/06/15 17:06:26 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll
[2010/01/06 15:14:22 | 00,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/01 21:54:34 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/09/14 08:38:37 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/14 08:38:37 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/29 09:21:54 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/14 08:38:37 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/14 08:38:37 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/14 08:38:37 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/14 08:38:37 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2010/01/11 19:34:39 | 00,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - Reg Error: Value error. File not found
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Installation Support)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://usabhemama29.m...om/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Jasc Paint Shop Photo Album Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/29 20:01:32 | 00,000,033 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/17 21:21:01 | 00,026,112 | ---- | M] () - C:\AUTOMATICchart.xls -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 17:26:59 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/21 17:30:49 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Jeff\Desktop\RootRepeal.exe
[2010/01/20 18:13:58 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/01/17 18:59:37 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/01/17 18:59:36 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/01/17 18:59:36 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/01/17 18:59:32 | 00,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/01/17 18:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/17 18:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/01/17 18:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/17 18:55:49 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/01/17 18:27:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/17 18:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/16 17:52:27 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/16 17:50:23 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/15 15:18:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/12 16:42:38 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/11 19:57:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/11 19:47:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/11 19:20:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/11 19:20:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/11 19:20:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/11 19:20:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/11 19:20:19 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/27 03:00:53 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2009/12/26 12:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008/04/08 16:26:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2007/11/03 19:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/08/20 01:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/08/06 20:01:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/03/08 09:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/03/08 09:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[2 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Jeff\*.tmp files -> C:\Documents and Settings\Jeff\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/22 17:36:57 | 00,772,450 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/22 17:36:57 | 00,198,584 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/01/22 17:36:57 | 00,004,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 17:36:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/22 17:36:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/22 17:36:17 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/22 17:36:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/22 17:36:14 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 17:33:49 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/22 17:33:21 | 00,093,660 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/22 17:33:14 | 00,005,041 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/22 17:32:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 17:32:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/22 17:31:22 | 11,796,480 | ---- | M] () -- C:\Documents and Settings\Jeff\ntuser.dat
[2010/01/22 17:31:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Jeff\NTUSER.INI
[2010/01/21 18:41:14 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\gjsx3y8j.exe
[2010/01/21 18:39:32 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/01/21 18:39:31 | 00,000,843 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/01/21 18:39:31 | 00,000,342 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/21 17:51:34 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\settings.dat
[2010/01/21 17:27:44 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\RootRepeal.zip
[2010/01/21 17:24:22 | 00,077,312 | ---- | M] () -- C:\mbr.exe
[2010/01/20 20:53:39 | 00,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/20 19:21:46 | 00,293,376 | ---- | M] () -- C:\60xlcsv1.exe
[2010/01/20 18:14:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/01/19 00:15:01 | 00,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy.job
[2010/01/17 19:04:25 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/17 19:04:25 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/17 19:02:14 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/16 18:16:32 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 17:50:19 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/15 16:44:47 | 14,565,376 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\My Money.mny
[2010/01/15 16:44:45 | 14,524,247 | R--- | M] () -- C:\Documents and Settings\Jeff\My Documents\My Money Backup.mbf
[2010/01/12 17:32:13 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 19:34:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/01/10 00:15:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/01/08 19:01:44 | 00,000,948 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 08:00:00 | 00,066,560 | ---- | M] () -- C:\WINDOWS\System32\maae.jpg
[2010/01/07 08:00:00 | 00,008,316 | ---- | M] () -- C:\WINDOWS\System32\vgn
[2010/01/05 05:00:29 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/05 05:00:28 | 01,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/01/05 05:00:28 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/01/05 05:00:28 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/01/05 05:00:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/01/05 05:00:28 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/01/05 05:00:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/01/05 05:00:27 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/01/05 05:00:27 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/01/05 05:00:26 | 03,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/01/05 05:00:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/01/05 05:00:24 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/01/05 05:00:24 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/05 05:00:24 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/01/05 05:00:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/01/05 05:00:24 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/01/05 05:00:23 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/01/05 05:00:21 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/01/05 05:00:21 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/01/05 05:00:21 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/01/05 05:00:21 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/01/05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/05 05:00:21 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/05 05:00:21 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/01/05 05:00:20 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/01/05 05:00:20 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/01/04 20:50:22 | 01,636,864 | ---- | M] () -- C:removed.doc
[2010/01/04 20:07:06 | 00,027,836 | ---- | M] () -- C:\Jeff_Gig.jpg
[2010/01/01 11:57:05 | 00,019,077 | ---- | M] () -- C:\WINDOWS\silkquit.ini
[2009/12/31 10:33:27 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/31 10:33:06 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/12/31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/12/27 03:00:59 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/12/26 14:50:02 | 00,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Jeff\*.tmp files -> C:\Documents and Settings\Jeff\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/21 18:41:11 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\gjsx3y8j.exe
[2010/01/21 18:34:45 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/21 17:51:34 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\settings.dat
[2010/01/21 17:27:41 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\RootRepeal.zip
[2010/01/21 17:24:17 | 00,077,312 | ---- | C] () -- C:\mbr.exe
[2010/01/20 19:21:44 | 00,293,376 | ---- | C] () -- C:\60xlcsv1.exe
[2010/01/17 19:05:21 | 00,005,041 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/17 19:02:14 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/01/17 18:59:10 | 00,000,356 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/01/17 18:59:09 | 00,000,334 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/01/16 22:14:30 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/16 18:16:32 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 17:53:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/16 17:53:02 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/16 17:53:01 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/16 17:52:59 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/16 17:50:19 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/11 19:20:47 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/11 19:20:47 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/11 19:20:47 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/11 19:20:47 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/11 19:20:47 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/07 08:00:00 | 00,066,560 | ---- | C] () -- C:\WINDOWS\System32\maae.jpg
[2010/01/07 08:00:00 | 00,008,316 | ---- | C] () -- C:\WINDOWS\System32\vgn
[2010/01/04 20:07:06 | 00,027,836 | ---- | C] () -- C:\Jeff_Gig.jpg
[2009/12/27 03:00:59 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/12/26 14:50:01 | 00,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3 World Adventures.lnk
[2009/10/09 20:04:36 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/06/05 17:22:40 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/04/17 14:55:16 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\WavCodec.wff
[2009/02/12 16:28:09 | 00,000,044 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2008/11/25 17:44:00 | 00,000,446 | ---- | C] () -- C:\WINDOWS\yukon.ini
[2008/10/28 15:42:26 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/10/28 15:40:09 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/09/17 22:55:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 22:55:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 22:55:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 22:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 22:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/17 22:55:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/01/25 14:33:10 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\SSLib2.dll
[2008/01/13 20:44:10 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\fusioncache.dat
[2007/12/26 12:43:21 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/26 12:28:30 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2007/12/26 12:28:30 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2007/12/26 12:28:30 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/12/07 11:15:14 | 00,000,105 | ---- | C] () -- C:\WINDOWS\3DT.ini
[2007/11/29 19:34:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/27 15:38:12 | 00,000,336 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2007/08/27 15:35:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2007/05/29 08:51:26 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/03/08 14:14:32 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/08 13:54:33 | 00,004,378 | ---- | C] () -- C:\Program Files\index.html
[2006/12/25 09:55:43 | 00,004,632 | ---- | C] () -- C:\Program Files\0x0409.ini
[2006/12/25 09:55:42 | 00,740,864 | ---- | C] () -- C:\Program Files\1033.MST
[2006/12/25 09:55:36 | 33,983,488 | ---- | C] () -- C:\Program Files\iPod for Windows 2006-01-10.msi
[2006/12/25 09:41:37 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/24 12:39:58 | 00,019,077 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2006/12/19 17:21:18 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/19 17:21:18 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/08 18:07:32 | 00,000,024 | ---- | C] () -- C:\WINDOWS\MSBSETUP.INI
[2006/06/26 15:22:30 | 00,000,848 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/01/21 14:05:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/11/16 13:59:12 | 00,000,156 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2005/07/25 13:28:20 | 00,000,050 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2005/07/24 20:47:26 | 00,000,107 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2005/07/24 20:46:36 | 00,000,123 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/06/22 12:01:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2005/06/17 10:41:50 | 00,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/06/17 10:41:50 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/06/17 10:41:50 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/06/17 10:41:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5150d.ini
[2005/06/17 10:41:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/06/17 10:41:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2005/06/17 10:41:48 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2005/06/17 10:41:48 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2005/06/17 10:41:47 | 00,015,108 | ---- | C] () -- C:\WINDOWS\HL-5150D.INI
[2005/06/17 10:36:47 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI
[2005/06/17 10:30:31 | 00,000,448 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/06/17 10:30:31 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/06/17 10:30:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/06/14 16:04:54 | 00,000,450 | ---- | C] () -- C:\WINDOWS\HENTY.INI
[2005/05/21 18:34:59 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/04/27 19:28:50 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/04/22 20:09:56 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2005/04/22 20:09:56 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2005/04/22 20:09:56 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2005/04/22 20:09:56 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2005/04/22 20:09:56 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2005/04/22 19:21:02 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005/04/22 19:10:06 | 00,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2005/04/19 19:43:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2005/02/12 22:24:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/30 15:17:14 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/08 19:03:13 | 00,000,459 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/12/04 17:59:24 | 00,000,081 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/12/04 17:58:39 | 00,004,512 | ---- | C] () -- C:\WINDOWS\HMEW.DLL
[2004/09/25 22:55:47 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/18 23:17:02 | 00,004,980 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/14 09:51:02 | 00,038,400 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/07 12:00:29 | 00,000,846 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/09/06 10:42:41 | 00,038,170 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\wklnhst.dat
[2004/09/04 08:09:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2004/08/31 01:19:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/31 01:11:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/31 01:09:20 | 00,000,948 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/31 00:57:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/31 00:57:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/31 00:40:40 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/11 10:02:24 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/02/10 14:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 14:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2002/08/29 05:00:00 | 00,018,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/11/17 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\n1277670860_30192879_3289449.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\6069.jpg:SummaryInformation
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

Edited by myrti, 13 March 2010 - 11:15 AM.




