Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

g-o-i-n-g-o-n-e-a-r-t-h redirect


  • This topic is locked This topic is locked
31 replies to this topic

#1 jyap79

jyap79

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 01 March 2010 - 02:16 PM

I'm having a very tough time removing this virus, can I please get some help? I'm trying to narrow down what it's called first since a lot of people on here are experiencing similar browser redirect problems. I searched google for g-o-i-n-g-o-n-earth and have found similar threads that I followed, but they don't seem to work. This site scrambles up, and takes me to sites like goingonearth.com or something like that Steps I have taken include using malwarebytes, and even recopying atapi.sys files that were too big (read about doing that on this site and some others). Some detailed help specific for my computer would really be a help! It's taking waaay too much time to keep on trying stuff and it doesn't help. Thanks :/

I've added my Hijack this log just in case anyone can find something on this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:53:05, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32rundll32.exe
C:AcereManageranbmServ.exe
C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLService.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesCyberLinkShared FilesRichVideo.exe
C:WINDOWSsystem32svchost.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
C:acerepmepm-dm.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesJavajre6binjusched.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCommon FilesPWC3800PWCam.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesAcerAcer ArcadePCMService.exe
C:Program FilesCommon FilesNokiaMPlatformNokiaMServer.exe
C:PROGRA~1LAUNCH~1QtZgAcer.EXE
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesAcereRecoveryMonitor.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSVM_STI.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.google.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:PROGRA~1mcafeemskmskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:Program FilesVeoh NetworksVeohWebPlayerVeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:Program FilesVeoh NetworksVeoh Video CompassSearchRecsPlugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O4 - HKLM..Run: [epm-dm] c:acerepmepm-dm.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [PWCam] C:Program FilesCommon FilesPWC3800PWCam.exe
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [PCMService] "C:Program FilesAcerAcer ArcadePCMService.exe"
O4 - HKLM..Run: [NokiaMServer] C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles startup
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [McENUI] C:PROGRA~1McAfeeMHNMcENUI.exe /hide
O4 - HKLM..Run: [mcagent_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1QtZgAcer.EXE
O4 - HKLM..Run: [LaunchApp] Alaunch
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [eRecoveryService] C:Program FilesAcereRecoveryMonitor.exe
O4 - HKLM..Run: [ePowerManagement] C:AcerePMePM.exe boot
O4 - HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.EXE PLEOMAX PWC-3800
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKCU..Run: [updateMgr] C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyIm...pload_10217.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} (VarovisionPlayer Control) - http://www.melon.com/decophone/common/VarovisionPlayerX.cab
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} (IMBCControl Control) - http://touch.imbc.com/ocx/iMBCControl.ocx
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} (GifFreezerCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goo.../gifFreezer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} (GPKIInstallerX Class) - http://152.99.80.130/gpkisecureweb/setup/GPKIInstaller.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} (melonset Class) - http://www.melon.com/utility/player/vod/package/melonset.cab
O16 - DPF: {AD514D05-9166-4878-A562-D6F30C1986B8} (MelonUp Class) - http://www.melon.com/cab/P3MelSet.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} (IMBCDownload Control) - http://touch.imbc.com/ocx/iMBCDownload.ocx
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com/cab/P3MelWebInstall.cab
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} (ComTop Class) - http://www.arirangtv.com/AlwaysTop.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:AcereManageranbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: RegSrvc - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:Program FilesWinPcaprpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:Program FilesPC Connectivity SolutionServiceLayer.exe

--
End of file - 14390 bytes

Edited by boopme, 02 March 2010 - 01:14 PM.
Moved to Virus, Trojan, Spyware, and Malware Removal ~~boopme


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:55 AM

Posted 06 March 2010 - 05:32 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 06:32 AM

Hi, just passed this thread and found out someone replied it. Thanks! I will get on this tommorow right away (it's kind of late right now)

#4 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 03:01 PM

I will post the log reports first before I post what steps I previously took.
This one is from otl.txt


OTL logfile created on: 11/03/2010 4:39:30 AM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Jon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 1.46 Gb Free Space | 4.10% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 0.49 Gb Free Space | 1.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-77636EF25D
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
PRC - [2010/01/16 12:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 09:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/19 01:28:54 | 000,462,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/08/18 19:38:46 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\Acer\eRecovery\Monitor.exe
PRC - [2005/08/11 19:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/08/11 11:49:32 | 000,114,772 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/08/11 11:49:30 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/08/11 11:48:58 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/08/11 11:48:36 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/08/11 11:48:36 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/05/04 15:04:52 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\PWC3800\PWCam.exe
PRC - [2004/10/15 11:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 11:22:14 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 11:21:38 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/01/21 15:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2005/08/11 11:49:32 | 000,114,772 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/08/11 11:49:30 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/08/11 11:48:36 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/10/15 11:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/15 11:22:14 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/15 11:21:38 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 10:52:16 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 10:52:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 10:52:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 03:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 03:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 01:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/08/17 17:45:20 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/08/09 16:43:00 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/30 15:16:58 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/06/30 15:16:06 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/06/30 15:16:02 | 000,716,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/03/19 18:11:22 | 000,090,968 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.45
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/11 18:06:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/07 09:31:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/01/24 05:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/23 06:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/23 06:45:14 | 000,000,000 | ---D | M]

[2009/06/23 06:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2009/06/23 06:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions
[2009/09/02 09:14:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 11:20:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/10 04:26:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/05 10:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\cookiepie@nektra.com
[2009/06/23 06:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/09 09:29:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWCam] C:\Program Files\Common Files\PWC3800\PWCam.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyIm...pload_10217.cab (CyImage2Ctl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} http://www.melon.com/decophone/common/VarovisionPlayerX.cab (VarovisionPlayer Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} http://touch.imbc.com/ocx/iMBCControl.ocx (IMBCControl Control)
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} http://www.gmarket.co.kr/challenge/neo_goo.../gifFreezer.cab (GifFreezerCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} http://touch.imbc.com/ocx/Online.cab (IMBCClient Control)
O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://152.99.80.130/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab (KTCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} http://www.csafer.net/activex/mabugsdownload.cab (MABugsDownload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPi...U1.cab?20080604 (CyImage Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} http://player.bugs.co.kr/install/XTools.cab (XTools Control)
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} http://www.melon.com/utility/player/vod/package/melonset.cab (melonset Class)
O16 - DPF: {AD514D05-9166-4878-A562-D6F30C1986B8} http://www.melon.com/cab/P3MelSet.cab (MelonUp Class)
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} http://install.bugs.co.kr/install/BugsInstallerEx.cab (BugsInstallEx Control)
O16 - DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} http://touch.imbc.com/ocx/iMBCDownload.ocx (IMBCDownload Control)
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com/cab/P3MelWebInstall.cab (MOPlayerWnd2 Class)
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} http://www.melon.com/cab/P3Melon.cab (MOPlayerWnd Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} http://www.arirangtv.com/AlwaysTop.cab (ComTop Class)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 17:45:48 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 16:59:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG Mobile Sync.lnk - C:\Program Files\CYON MobileSync\MobileSync\LG_MobileSync_Launcher_Setup.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe - (Metacafe)
MsConfig - StartUpFolder: C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe - (Metacafe)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 04:36:58 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
[2010/03/11 04:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/10 07:21:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/01 04:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Publisher document
[2010/03/01 04:42:01 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/28 01:30:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/27 17:02:40 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2010/02/27 06:41:49 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Jon\Desktop\GooredFix.exe
[2010/02/15 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/15 05:54:56 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jon\Desktop\ATF-Cleaner.exe
[2010/02/11 04:25:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/02/11 04:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/10 03:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\My Documents\Downloads
[2010/02/09 13:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/09 13:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\SUPERAntiSpyware.com
[2010/02/09 13:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/09 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/09 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix
[2010/02/09 12:01:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/09 12:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/02/09 12:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Desktop Hijack Fix
[2010/02/09 11:02:16 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Jon\Desktop\HousecallLauncher.exe
[2010/02/09 09:19:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 05:14:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/09 05:09:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 05:09:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 05:09:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 05:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 05:05:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/09 05:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\ComboFix
[2010/02/04 10:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/04 10:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/01/07 09:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/05/12 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/08/16 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/16 17:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 17:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 17:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
[2010/03/11 04:07:56 | 000,007,280 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/11 04:07:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/03/11 04:06:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 04:05:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\OKZKRGZWC.job
[2010/03/11 04:05:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 04:05:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 04:05:02 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/10 07:47:08 | 009,744,384 | ---- | M] () -- C:\Documents and Settings\Jon\ntuser.dat
[2010/03/10 07:47:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jon\ntuser.ini
[2010/03/02 19:39:30 | 008,379,514 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Ludacris-My Chick Bad_(Remix)_(Feat_Diamond_Trina_&_Eve).mp3
[2010/03/02 03:40:24 | 000,009,739 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\[NDS]Ace_Attorney_Investigations_Miles_Edgeworth[USA].zip.5368922.TPB.torrent
[2010/03/01 10:25:58 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\jonathan_yap_resume.doc
[2010/02/28 01:35:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/28 01:25:40 | 003,874,477 | R--- | M] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2010/02/27 06:41:52 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Jon\Desktop\GooredFix.exe
[2010/02/26 15:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/25 07:29:04 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Preliminary Questionnaire Temp (post-2010_02.2010).doc
[2010/02/15 12:40:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/02/15 05:54:56 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jon\Desktop\ATF-Cleaner.exe
[2010/02/11 18:11:58 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\Jon\My Documents\HIL Schedule (staff final_02.11.2010).xls
[2010/02/11 18:11:44 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\debttrackerv33.xls
[2010/02/11 14:27:22 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/02/10 10:54:52 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\cover.doc
[2010/02/10 03:13:32 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 13:20:52 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/09 12:36:36 | 000,018,963 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\World_Destruction__Sekai_Bokumetsu_no_Rokunin_.4746792.TPB.torrent
[2010/02/09 12:01:10 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/09 12:01:04 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/02/09 11:02:52 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 11:02:20 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Jon\Desktop\HousecallLauncher.exe
[2010/02/09 05:14:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/09 05:01:24 | 003,845,596 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.zip
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 09:41:35 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/02 18:55:38 | 008,379,514 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Ludacris-My Chick Bad_(Remix)_(Feat_Diamond_Trina_&_Eve).mp3
[2010/03/02 03:40:22 | 000,009,739 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\[NDS]Ace_Attorney_Investigations_Miles_Edgeworth[USA].zip.5368922.TPB.torrent
[2010/02/27 17:06:13 | 000,007,280 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/25 07:30:17 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Preliminary Questionnaire Temp (post-2010_02.2010).doc
[2010/02/15 12:40:16 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/02/11 18:27:44 | 009,744,384 | ---- | C] () -- C:\Documents and Settings\Jon\ntuser.dat
[2010/02/11 18:07:24 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\Jon\My Documents\HIL Schedule (staff final_02.11.2010).xls
[2010/02/11 04:07:20 | 003,874,477 | R--- | C] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2010/02/10 03:58:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\gmer.exe
[2010/02/09 13:20:50 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/09 12:36:36 | 000,018,963 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\World_Destruction__Sekai_Bokumetsu_no_Rokunin_.4746792.TPB.torrent
[2010/02/09 11:02:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 05:14:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/09 05:14:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/09 05:09:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 05:09:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 05:09:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 05:09:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 05:09:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 05:01:10 | 003,845,596 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.zip
[2010/02/04 20:10:32 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/29 07:36:48 | 000,006,368 | -HS- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\7tht8
[2008/10/20 03:24:22 | 000,226,792 | ---- | C] () -- C:\WINDOWS\System32\MuzLyrcs.dll
[2008/10/20 03:24:22 | 000,034,280 | ---- | C] () -- C:\WINDOWS\System32\MzWhatImListen2.dll
[2008/05/23 07:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/18 22:32:25 | 000,002,921 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/14 09:33:23 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MABUGS~1.INI
[2007/10/31 11:05:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/09/04 15:27:00 | 000,492,256 | ---- | C] () -- C:\WINDOWS\System32\MelonWebPlayer.dll
[2007/06/05 03:57:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/21 21:40:08 | 000,067,184 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2007/05/13 11:47:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007/05/13 11:43:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2007/05/13 01:48:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2007/05/13 01:48:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MultiLangDll.dll
[2007/05/12 23:37:15 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/18 04:49:32 | 000,395,000 | ---- | C] () -- C:\WINDOWS\System32\MelonWeb.dll
[2006/03/10 16:02:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TouchWeb.dll
[2005/08/19 15:51:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 17:45:58 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005/08/16 17:55:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/16 17:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/16 17:16:16 | 000,000,750 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2005/08/16 17:15:53 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/30 14:44:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2004/03/29 21:09:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MAMACExtract.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,002,772 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2007/11/04 16:04:08 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Jon\My Documents\???.doc) -- C:\Documents and Settings\Jon\My Documents\재가입.doc
[2007/11/04 16:04:05 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Jon\My Documents\???.doc) -- C:\Documents and Settings\Jon\My Documents\재가입.doc
< End of report >

I will post the log reports first before I post what steps I previously took.
This one is from otl.txt


OTL logfile created on: 11/03/2010 4:39:30 AM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Jon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 1.46 Gb Free Space | 4.10% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 0.49 Gb Free Space | 1.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-77636EF25D
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
PRC - [2010/01/16 12:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 09:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/19 01:28:54 | 000,462,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/08/18 19:38:46 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\Acer\eRecovery\Monitor.exe
PRC - [2005/08/11 19:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/08/11 11:49:32 | 000,114,772 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/08/11 11:49:30 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/08/11 11:48:58 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/08/11 11:48:36 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/08/11 11:48:36 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/05/04 15:04:52 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\PWC3800\PWCam.exe
PRC - [2004/10/15 11:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 11:22:14 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 11:21:38 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/01/21 15:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
MOD - [2004/10/08 14:44:16 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2005/08/11 11:49:32 | 000,114,772 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/08/11 11:49:30 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/08/11 11:48:36 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/06/06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/10/15 11:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/15 11:22:14 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/15 11:21:38 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/27 10:52:16 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/27 10:52:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/27 10:52:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 03:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 03:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 03:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 01:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/08/17 17:45:20 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/08/09 16:43:00 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/30 15:16:58 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/06/30 15:16:06 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/06/30 15:16:02 | 000,716,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/10/08 14:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/04 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/03/19 18:11:22 | 000,090,968 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm302.sys -- (ZSMC302)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.45
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/11 18:06:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/07 09:31:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/01/24 05:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/23 06:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/23 06:45:14 | 000,000,000 | ---D | M]

[2009/06/23 06:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2009/06/23 06:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions
[2009/09/02 09:14:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/09 11:20:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/10 04:26:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/05 10:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\cookiepie@nektra.com
[2009/06/23 06:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/09 09:29:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWCam] C:\Program Files\Common Files\PWC3800\PWCam.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2790021247-3188298651-3769969577-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyIm...pload_10217.cab (CyImage2Ctl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} http://www.melon.com/decophone/common/VarovisionPlayerX.cab (VarovisionPlayer Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} http://touch.imbc.com/ocx/iMBCControl.ocx (IMBCControl Control)
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} http://www.gmarket.co.kr/challenge/neo_goo.../gifFreezer.cab (GifFreezerCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} http://touch.imbc.com/ocx/Online.cab (IMBCClient Control)
O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://152.99.80.130/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab (KTCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} http://www.csafer.net/activex/mabugsdownload.cab (MABugsDownload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPi...U1.cab?20080604 (CyImage Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} http://player.bugs.co.kr/install/XTools.cab (XTools Control)
O16 - DPF: {A65552CC-8138-4D22-BEC8-4D0AFB2786BC} http://www.melon.com/utility/player/vod/package/melonset.cab (melonset Class)
O16 - DPF: {AD514D05-9166-4878-A562-D6F30C1986B8} http://www.melon.com/cab/P3MelSet.cab (MelonUp Class)
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} http://install.bugs.co.kr/install/BugsInstallerEx.cab (BugsInstallEx Control)
O16 - DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} http://touch.imbc.com/ocx/iMBCDownload.ocx (IMBCDownload Control)
O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com/cab/P3MelWebInstall.cab (MOPlayerWnd2 Class)
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} http://www.melon.com/cab/P3Melon.cab (MOPlayerWnd Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} http://www.arirangtv.com/AlwaysTop.cab (ComTop Class)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 17:45:48 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 16:59:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG Mobile Sync.lnk - C:\Program Files\CYON MobileSync\MobileSync\LG_MobileSync_Launcher_Setup.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe - (Metacafe)
MsConfig - StartUpFolder: C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe - (Metacafe)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 04:36:58 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
[2010/03/11 04:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/10 07:21:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/01 04:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Publisher document
[2010/03/01 04:42:01 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/28 01:30:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/27 17:02:40 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2010/02/27 06:41:49 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Jon\Desktop\GooredFix.exe
[2010/02/15 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/15 05:54:56 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jon\Desktop\ATF-Cleaner.exe
[2010/02/11 04:25:59 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/02/11 04:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/10 03:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\My Documents\Downloads
[2010/02/09 13:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/09 13:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\SUPERAntiSpyware.com
[2010/02/09 13:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/09 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/09 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix
[2010/02/09 12:01:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/09 12:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/02/09 12:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Desktop Hijack Fix
[2010/02/09 11:02:16 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Jon\Desktop\HousecallLauncher.exe
[2010/02/09 09:19:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 05:14:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/09 05:09:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 05:09:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 05:09:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 05:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 05:05:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/09 05:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\ComboFix
[2010/02/04 10:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/04 10:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/01/07 09:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/05/12 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2005/08/16 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/08/16 17:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 17:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 17:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 04:37:16 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\Desktop\OTL.exe
[2010/03/11 04:07:56 | 000,007,280 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/11 04:07:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/03/11 04:06:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 04:05:08 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\OKZKRGZWC.job
[2010/03/11 04:05:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 04:05:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 04:05:02 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/10 07:47:08 | 009,744,384 | ---- | M] () -- C:\Documents and Settings\Jon\ntuser.dat
[2010/03/10 07:47:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jon\ntuser.ini
[2010/03/02 19:39:30 | 008,379,514 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Ludacris-My Chick Bad_(Remix)_(Feat_Diamond_Trina_&_Eve).mp3
[2010/03/02 03:40:24 | 000,009,739 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\[NDS]Ace_Attorney_Investigations_Miles_Edgeworth[USA].zip.5368922.TPB.torrent
[2010/03/01 10:25:58 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\jonathan_yap_resume.doc
[2010/02/28 01:35:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/28 01:25:40 | 003,874,477 | R--- | M] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2010/02/27 06:41:52 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Jon\Desktop\GooredFix.exe
[2010/02/26 15:50:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/25 07:29:04 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Preliminary Questionnaire Temp (post-2010_02.2010).doc
[2010/02/15 12:40:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/02/15 05:54:56 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jon\Desktop\ATF-Cleaner.exe
[2010/02/11 18:11:58 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\Jon\My Documents\HIL Schedule (staff final_02.11.2010).xls
[2010/02/11 18:11:44 | 000,208,384 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\debttrackerv33.xls
[2010/02/11 14:27:22 | 000,002,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/02/10 10:54:52 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\cover.doc
[2010/02/10 03:13:32 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 13:20:52 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/09 12:36:36 | 000,018,963 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\World_Destruction__Sekai_Bokumetsu_no_Rokunin_.4746792.TPB.torrent
[2010/02/09 12:01:10 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/02/09 12:01:04 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/02/09 11:02:52 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 11:02:20 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Jon\Desktop\HousecallLauncher.exe
[2010/02/09 05:14:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/09 05:01:24 | 003,845,596 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.zip
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 09:41:35 | 2137,116,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/02 18:55:38 | 008,379,514 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Ludacris-My Chick Bad_(Remix)_(Feat_Diamond_Trina_&_Eve).mp3
[2010/03/02 03:40:22 | 000,009,739 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\[NDS]Ace_Attorney_Investigations_Miles_Edgeworth[USA].zip.5368922.TPB.torrent
[2010/02/27 17:06:13 | 000,007,280 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/25 07:30:17 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Preliminary Questionnaire Temp (post-2010_02.2010).doc
[2010/02/15 12:40:16 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/02/11 18:27:44 | 009,744,384 | ---- | C] () -- C:\Documents and Settings\Jon\ntuser.dat
[2010/02/11 18:07:24 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\Jon\My Documents\HIL Schedule (staff final_02.11.2010).xls
[2010/02/11 04:07:20 | 003,874,477 | R--- | C] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2010/02/10 03:58:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\gmer.exe
[2010/02/09 13:20:50 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/09 12:36:36 | 000,018,963 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\World_Destruction__Sekai_Bokumetsu_no_Rokunin_.4746792.TPB.torrent
[2010/02/09 11:02:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\housecall.guid.cache
[2010/02/09 05:14:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/09 05:14:46 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/09 05:09:45 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 05:09:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 05:09:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 05:09:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 05:09:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 05:01:10 | 003,845,596 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.zip
[2010/02/04 20:10:32 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/29 07:36:48 | 000,006,368 | -HS- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\7tht8
[2008/10/20 03:24:22 | 000,226,792 | ---- | C] () -- C:\WINDOWS\System32\MuzLyrcs.dll
[2008/10/20 03:24:22 | 000,034,280 | ---- | C] () -- C:\WINDOWS\System32\MzWhatImListen2.dll
[2008/05/23 07:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/18 22:32:25 | 000,002,921 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/14 09:33:23 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MABUGS~1.INI
[2007/10/31 11:05:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/09/04 15:27:00 | 000,492,256 | ---- | C] () -- C:\WINDOWS\System32\MelonWebPlayer.dll
[2007/06/05 03:57:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/21 21:40:08 | 000,067,184 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2007/05/13 11:47:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007/05/13 11:43:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2007/05/13 01:48:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2007/05/13 01:48:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MultiLangDll.dll
[2007/05/12 23:37:15 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/18 04:49:32 | 000,395,000 | ---- | C] () -- C:\WINDOWS\System32\MelonWeb.dll
[2006/03/10 16:02:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TouchWeb.dll
[2005/08/19 15:51:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 17:45:58 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005/08/16 17:55:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/08/16 17:28:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/16 17:27:49 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/16 17:16:16 | 000,000,750 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2005/08/16 17:15:53 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/30 14:44:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2004/03/29 21:09:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MAMACExtract.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,002,772 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/14 09:31:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 09:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 09:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 09:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2007/11/04 16:04:08 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Jon\My Documents\???.doc) -- C:\Documents and Settings\Jon\My Documents\재가입.doc
[2007/11/04 16:04:05 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Jon\My Documents\???.doc) -- C:\Documents and Settings\Jon\My Documents\재가입.doc
< End of report >

#5 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 03:04 PM

This is from extras.txt

OTL Extras logfile created on: 11/03/2010 4:39:30 AM - Run 1
OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Jon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35.60 Gb Total Space | 1.46 Gb Free Space | 4.10% Space Free | Partition Type: FAT32
Drive D: | 35.98 Gb Total Space | 0.49 Gb Free Space | 1.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-77636EF25D
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2790021247-3188298651-3769969577-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\System32\P3MelonSvr.exe" = C:\WINDOWS\System32\P3MelonSvr.exe:*:Enabled:SKT Melon Music Control -- (LOEN Entertainment, Inc.)
"C:\WINDOWS\System32\SKTVSvr.exe" = C:\WINDOWS\System32\SKTVSvr.exe:*:Enabled:SKT Melon VoD Control -- (SKT)
"C:\WINDOWS\System32\BugsSvr.exe" = C:\WINDOWS\System32\BugsSvr.exe:*:Enabled:Bugs Music Player Control -- ()
"C:\WINDOWS\System32\p3bvsvr.exe" = C:\WINDOWS\System32\p3bvsvr.exe:*:Enabled:Bugs VoD Server -- (PeeringPortal)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\System32\skcbgm.exe" = C:\WINDOWS\System32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player -- (© SK Communications)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\WINDOWS\System32\muz.exe" = C:\WINDOWS\System32\muz.exe:*:Enabled:MUZ AOD player -- (Musiccity Co.Ltd.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209860AB-AC54-425C-9788-91F561EFD793}" = LGMobileSync
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{264A8828-CFE6-4614-8284-3A94B4457A5D}" = PLEOMAX PWC-3800
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351530FE-77E9-463A-AF90-F22854F26803}" = ArcSoft VideoImpression 2
"{3592F5CB-B524-43AA-92F2-2377268199CC}" = iTunes
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E388F0E-84F8-4E7F-AED5-F6386B176E7E}" = Nurian PC Link Service
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4116FC50-1430-4AFC-A7BE-65A80D630AB3}" = Nurian PC Link Service
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C564728-F229-497E-81B7-391A1B4287F6}" = LGMobileSync
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A58D0D22-6CE2-44CE-B970-FC651E2CD56D}" = ArcSoft PhotoImpression 4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC76BA86-7AD7-2447-5A64-7E8A45000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-5676-5A64-7E8A45000001}" = Adobe Reader Korean Fonts
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNetManagement
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALZip_is1" = ALZip
"AVIConverter" = AVIConverter 3.0
"AviSynth" = AviSynth 2.5
"Clubbox ۰" = Clubbox ۰
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F" = HDAUDIO Soft Voice Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Cyworld Music Player" = ̿ ÷̾
"Delayed Shutdown_is1" = Delayed Shutdown 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EOS Utility" = Canon Utilities EOS Utility
"EZ-Sync 1.5" = EZ-Sync 1.5
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LimeWire" = LimeWire 4.16.6
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melon" = MelOn Player
"Metacafe" = Metacafe
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"ProInst" = Intel® PROSet/Wireless Software
"PSP Video 9" = PSP Video 9 5.03
"RegistryBooster 2" = RegistryBooster 2
"ST6UNST #1" = Desktop Hijack Fix
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPhlash" = WinPhlash
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"YouTube Downloader App" = YouTube Downloader App 2.03

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/03/2010 7:12:21 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:21 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:21 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:22 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:22 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:22 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:23 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:23 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:23 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 08/03/2010 7:12:23 AM | Computer Name = ACER-77636EF25D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 04/03/2010 5:55:13 PM | Computer Name = ACER-77636EF25D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 04/03/2010 5:55:15 PM | Computer Name = ACER-77636EF25D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 04/03/2010 5:55:27 PM | Computer Name = ACER-77636EF25D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 04/03/2010 5:55:27 PM | Computer Name = ACER-77636EF25D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNASvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 04/03/2010 8:40:26 PM | Computer Name = ACER-77636EF25D | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/03/2010 2:38:22 AM | Computer Name = ACER-77636EF25D | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +86584 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.0.102:123->207.46.197.32:123) is working
properly.

Error - 08/03/2010 3:52:02 PM | Computer Name = ACER-77636EF25D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 08/03/2010 3:52:02 PM | Computer Name = ACER-77636EF25D | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/03/2010 3:08:25 PM | Computer Name = ACER-77636EF25D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 10/03/2010 3:08:25 PM | Computer Name = ACER-77636EF25D | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053


< End of report >

#6 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 03:17 PM

This virus, I think is leftover from the fake antivirus program that I used to have on this computer (either that or I just had 2 viruses?) I think it was called Internetsecurity2010? Or was it 2009? I can't remember, it's been awhile, but it was removed using malwarebytes awhile back. This virus however, I can't seem to detect using anything. The symptoms are redirecting google searches to a site that is related to goingonearth.com Whenever goingonearth gets typed in the browser or in google it gets scrambled up into a random anagram. Anyways I used many different programs to get rid of this nasty bug. Malwarebytes couldn't detect anything in safe mode and normal mode. As a matter of fact starting windows in safe mode was impossible for awhile, however after running some online virus scanners in normal mode such as panda antivirus, kapersky, and trend seemed to allow me to access safe mode again. Other anti spyware programs I used include: spybot, and superantispyware
However scans turned out empty. I think read up on the solution this other user talked about on this site, since he had the same problem as me. What he did was run dos mode and find atapi.sys file, replace any oversized atapi.sys files, and that took care of it for him. I tried that, replaced the oversized atapi.sys files. However I still kept on getting redirected on google. The virus kind of lies dormant at times, like for the first few searches it lets me find sites normally, but after awhile it kicks in, and the goingonearth.com redirect comes back in effect. I haven't been using this computer for banking for awhile after that, because my atm card was breached. Hopefully not by this virus though!

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:55 AM

Posted 11 March 2010 - 04:23 PM

Hi,

please run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

As well as gooredfix:
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 05:29 PM

Hi, this is my gmer log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-11 07:15:57
Windows 5.1.2600 Service Pack 3
Running: 1y38u3m0.exe; Driver: C:\DOCUME~1\Jon\LOCALS~1\Temp\axtoafog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA95C078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA95C0821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA95C0738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA95C074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA95C0835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA95C0861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA95C08CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA95C08B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA95C07CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA95C08FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA95C080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA95C0710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA95C0724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA95C079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA95C0937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA95C08A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA95C088D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA95C084B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA95C0923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA95C090F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA95C0776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA95C0762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA95C0877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA95C07F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA95C08E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA95C07E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA95C07B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP A95C07B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP A95C078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74FE 7 Bytes JMP A95C07CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8314 5 Bytes JMP A95C07E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA96 7 Bytes JMP A95C07A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1324 5 Bytes JMP A95C0714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15B0 5 Bytes JMP A95C0728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE2 5 Bytes JMP A95C0766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP A95C0750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AE 5 Bytes JMP A95C073C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B8 5 Bytes JMP A95C077A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB8 5 Bytes JMP A95C07FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8061856E 7 Bytes JMP A95C0891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188BC 7 Bytes JMP A95C087B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE6 7 Bytes JMP A95C08E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80619484 7 Bytes JMP A95C08A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D58 7 Bytes JMP A95C084F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A336 5 Bytes JMP A95C0825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C6 7 Bytes JMP A95C0839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A996 7 Bytes JMP A95C0865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB76 7 Bytes JMP A95C08D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADE0 7 Bytes JMP A95C08BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B708 5 Bytes JMP A95C0811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8061BA2E 7 Bytes JMP A95C093B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCEE 5 Bytes JMP A95C0913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3E2 5 Bytes JMP A95C0927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4FC 5 Bytes JMP A95C08FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F7A
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007006F
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070054
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A7
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F5F
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F33
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700C2
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F0E
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB2
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007008A
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F44
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F8A
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FA5
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0005003F
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FB4
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005002E
.text C:\WINDOWS\system32\services.exe[708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[708] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F52
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F63
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0F8A
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F9B
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED002C
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0090
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0073
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00C6
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F2D
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED0F1C
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0047
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0062
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FC0
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0011
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00AB
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0033
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC008B
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0022
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC007A
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EC005F
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0044
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0042
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0027
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FD2
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FB7
.text C:\WINDOWS\system32\lsass.exe[720] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FE3
.text C:\WINDOWS\system32\lsass.exe[720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60062
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60F77
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60F94
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FA5
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F60F48
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60090
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600D0
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F37
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F600EB
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60047
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60073
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F6002C
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F600AB
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F5006C
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50025
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50014
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50FAF
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F5005B
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50036
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F4004E
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F40033
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F40FCD
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F40018
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C40FB2
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C4009D
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C4008C
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C4006F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C4004A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C400E7
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C400CC
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40F5F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C400F8
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C40F4E
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40FA1
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C4002F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40FDE
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C40F7A
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30F7C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30F8D
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F9E
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20FA6
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20FB7
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20027
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20FC8
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C2000C
.text C:\WINDOWS\system32\svchost.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03410000
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03410F66
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03410F81
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03410065
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03410FB2
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0341004A
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03410F3F
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03410087
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03410F09
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034100A2
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03410EEE
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03410FC3
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0341001B
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03410076
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03410FDE
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03410FEF
.text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03410F24
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03400040
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03400076
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03400025
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0340000A
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0340005B
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03400FE5
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03400FB9
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [60, 8B]
.text C:\WINDOWS\System32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03400FD4
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 033F0044
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!system 77C293C7 5 Bytes JMP 033F0033
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 033F0011
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 033F0FE3
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 033F0022
.text C:\WINDOWS\System32\svchost.exe[976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 033F0000
.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 033E0FEF
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 033D0FE5
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 033D0FD4
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 033D0FB9
.text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 033D0FA8
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F7C
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F97
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650065
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065004A
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FA8
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F44
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0065008C
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650EFD
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F0E
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006500B1
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0065002F
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650F61
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FB9
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F29
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0064003D
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640069
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640058
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640FB6
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FC7
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630F8D
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630022
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FB2
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FDE
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01890000
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01890F80
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01890075
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01890064
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0189003D
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01890FB6
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018900AD
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0189009C
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01890F1B
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018900BE
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018900D9
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01890FA5
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0189001B
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01890F6F
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0189002C
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01890FDB
.text C:\WINDOWS\Explorer.EXE[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01890F40
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01880014
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01880FA8
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01880FC3
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01880FD4
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0188005B
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01880FEF
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01880040
.text C:\WINDOWS\Explorer.EXE[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0188002F
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01870FA6
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 01870031
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01870FD2
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01870000
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01870FC1
.text C:\WINDOWS\Explorer.EXE[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01870FE3
.text C:\WINDOWS\Explorer.EXE[1332] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01850000
.text C:\WINDOWS\Explorer.EXE[1332] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01850025
.text C:\WINDOWS\Explorer.EXE[1332] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01850036
.text C:\WINDOWS\Explorer.EXE[1332] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01850FE5
.text C:\WINDOWS\Explorer.EXE[1332] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01130000
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078006F
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F70
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0078004A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780039
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780F97
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0078009B
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F5F
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800D8
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800C7
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800E9
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780028
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FDE
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780080
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FB2
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FC3
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800B6
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770022
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770058
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FDB
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00770011
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770F9B
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0077003D
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FB6
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760036
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760FB5
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FC6
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FE3
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0076001B
.text C:\WINDOWS\system32\svchost.exe[1376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60FB7
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B600A2
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60091
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60080
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B60051
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B60FA6
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B600E2
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B60135
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B6011A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B60F8B
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B6001B
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B600D1
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B60036
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B60109
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B50051
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B5008E
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B50036
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B5007D
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D5, 88] {AAD 0x88}
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B5006C
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B40062
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B4003D
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B40011
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B40022
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B40FD7
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F80025
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F80036
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F7E
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0073
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0062
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0047
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00B2
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00A1
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00E8
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00D7
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0F34
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FC0
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0084
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F59
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FD1
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660073
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660022
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660058
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660047
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FC6
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FE3
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00630FDB
.text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0064
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F79
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F8A
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0047
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD009C
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F4A
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F14
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F2F
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD00D2
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0075
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0025
.text C:\WINDOWS\system32\svchost.exe[2068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD00AD
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0F6B
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0F7C
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 88]
.text C:\WINDOWS\system32\svchost.exe[2068] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0031
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0020
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FC1
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FB0
.text C:\WINDOWS\system32\svchost.exe[2068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FD2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01088A59
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010894B1
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010891C5
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010893CD
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 010889AA
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01089268
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0108930F
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 01088DA6
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 01089606
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 01089B2E
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0108953C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 01089A4C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 01089ED9
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 01089FA0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 01089967
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 010897A9
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 010896D0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2388] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 01089882
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A008B
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0070
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A005F
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A004E
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C1
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F85
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0108
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00ED
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0119
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A003D
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00B0
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0022
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FD1
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00DC
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F6B
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FC0
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F7C
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F8D
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F9E
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E003D
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FA8
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FD4
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FB9
.text C:\WINDOWS\System32\svchost.exe[3360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0018
.text C:\WINDOWS\System32\svchost.exe[3360] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwkbmfqrgftofybl.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors

---- EOF - GMER 1.0.15 ----


#9 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 05:32 PM

And here is the gooredfix log

GooredFix by jpshortstuff (08.01.10.1)
Log created at 07:19 on 11/03/2010 (Jon)
Firefox version 3.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:45 22/06/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:25 07/02/2010]

C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\sn8ncpfo.default\extensions\
cookiepie@nektra.com [01:53 05/08/2009]
{20a82645-c095-46ed-80e3-08825760534b} [00:14 02/09/2009]
{73a6fe31-595d-460b-a920-fcc0f8843232} [02:20 09/02/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [19:26 09/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:12 07/08/2009]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [09:06 11/12/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [00:31 07/01/2010]
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"="C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\" [20:59 23/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [05:25 07/02/2010]

-=E.O.F=-

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:55 AM

Posted 11 March 2010 - 05:53 PM

Hi,

please empty your temp files:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

And then run an updated scan with Malwarebytes and post your logs here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 11 March 2010 - 09:54 PM

Hi, here is what I got for the malwares log. Malwares was updated before I scanned my computer.
I've tested google search, but it still seems to be trying to redirect me after a few times (however blocked with firefox script blocker)


Malwarebytes' Anti-Malware 1.44
Database version: 3855
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/03/2010 11:46:55 AM
mbam-log-2010-03-11 (11-46-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196189
Time elapsed: 52 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:55 AM

Posted 12 March 2010 - 10:03 AM

Hi,

please run a scan with tdsskiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

As well as Superantispyware:
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 12 March 2010 - 03:08 PM

Thanks for getting back to me. I've run tdss killer and here is the log for that. Had to stop SaS after an hour and a half because have to run to work so will do that again later tonight. SaS came up negative though for that time it was running, just came up with a cookie and that's it. Will try that again later.

03:24:23:578 5208 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
03:24:23:578 5208 ================================================================================
03:24:23:578 5208 SystemInfo:

03:24:23:578 5208 OS Version: 5.1.2600 ServicePack: 3.0
03:24:23:578 5208 Product type: Workstation
03:24:23:578 5208 ComputerName: ACER-77636EF25D
03:24:23:578 5208 UserName: Jon
03:24:23:578 5208 Windows directory: C:\WINDOWS
03:24:23:578 5208 Processor architecture: Intel x86
03:24:23:578 5208 Number of processors: 1
03:24:23:578 5208 Page size: 0x1000
03:24:23:593 5208 Boot type: Normal boot
03:24:23:593 5208 ================================================================================
03:24:23:593 5208 UnloadDriverW: NtUnloadDriver error 2
03:24:23:593 5208 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
03:24:23:734 5208 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
03:24:23:734 5208 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
03:24:23:734 5208 wfopen_ex: Trying to KLMD file open
03:24:23:734 5208 wfopen_ex: File opened ok (Flags 2)
03:24:23:734 5208 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
03:24:23:734 5208 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
03:24:23:734 5208 wfopen_ex: Trying to KLMD file open
03:24:23:734 5208 wfopen_ex: File opened ok (Flags 2)
03:24:23:734 5208 Initialize success
03:24:23:734 5208
03:24:23:734 5208 Scanning Services ...
03:24:24:156 5208 GetAdvancedServicesInfo: Raw services enum returned 376 services
03:24:24:171 5208
03:24:24:171 5208 Scanning Kernel memory ...
03:24:24:171 5208 Devices to scan: 4
03:24:24:171 5208
03:24:24:171 5208 Driver Name: Disk
03:24:24:171 5208 IRP_MJ_CREATE : BA96EBB0
03:24:24:171 5208 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
03:24:24:171 5208 IRP_MJ_CLOSE : BA96EBB0
03:24:24:171 5208 IRP_MJ_READ : BA968D1F
03:24:24:171 5208 IRP_MJ_WRITE : BA968D1F
03:24:24:171 5208 IRP_MJ_QUERY_INFORMATION : 804F355A
03:24:24:171 5208 IRP_MJ_SET_INFORMATION : 804F355A
03:24:24:171 5208 IRP_MJ_QUERY_EA : 804F355A
03:24:24:171 5208 IRP_MJ_SET_EA : 804F355A
03:24:24:171 5208 IRP_MJ_FLUSH_BUFFERS : BA9692E2
03:24:24:171 5208 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
03:24:24:171 5208 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
03:24:24:171 5208 IRP_MJ_DIRECTORY_CONTROL : 804F355A
03:24:24:171 5208 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
03:24:24:171 5208 IRP_MJ_DEVICE_CONTROL : BA9693BB
03:24:24:171 5208 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA96CF28
03:24:24:171 5208 IRP_MJ_SHUTDOWN : BA9692E2
03:24:24:171 5208 IRP_MJ_LOCK_CONTROL : 804F355A
03:24:24:171 5208 IRP_MJ_CLEANUP : 804F355A
03:24:24:171 5208 IRP_MJ_CREATE_MAILSLOT : 804F355A
03:24:24:171 5208 IRP_MJ_QUERY_SECURITY : 804F355A
03:24:24:171 5208 IRP_MJ_SET_SECURITY : 804F355A
03:24:24:171 5208 IRP_MJ_POWER : BA96AC82
03:24:24:171 5208 IRP_MJ_SYSTEM_CONTROL : BA96F99E
03:24:24:171 5208 IRP_MJ_DEVICE_CHANGE : 804F355A
03:24:24:171 5208 IRP_MJ_QUERY_QUOTA : 804F355A
03:24:24:171 5208 IRP_MJ_SET_QUOTA : 804F355A
03:24:24:187 5208 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
03:24:24:187 5208
03:24:24:187 5208 Driver Name: Disk
03:24:24:187 5208 IRP_MJ_CREATE : BA96EBB0
03:24:24:187 5208 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
03:24:24:187 5208 IRP_MJ_CLOSE : BA96EBB0
03:24:24:187 5208 IRP_MJ_READ : BA968D1F
03:24:24:187 5208 IRP_MJ_WRITE : BA968D1F
03:24:24:187 5208 IRP_MJ_QUERY_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_SET_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_EA : 804F355A
03:24:24:187 5208 IRP_MJ_SET_EA : 804F355A
03:24:24:187 5208 IRP_MJ_FLUSH_BUFFERS : BA9692E2
03:24:24:187 5208 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_DIRECTORY_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_DEVICE_CONTROL : BA9693BB
03:24:24:187 5208 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA96CF28
03:24:24:187 5208 IRP_MJ_SHUTDOWN : BA9692E2
03:24:24:187 5208 IRP_MJ_LOCK_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_CLEANUP : 804F355A
03:24:24:187 5208 IRP_MJ_CREATE_MAILSLOT : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_SECURITY : 804F355A
03:24:24:187 5208 IRP_MJ_SET_SECURITY : 804F355A
03:24:24:187 5208 IRP_MJ_POWER : BA96AC82
03:24:24:187 5208 IRP_MJ_SYSTEM_CONTROL : BA96F99E
03:24:24:187 5208 IRP_MJ_DEVICE_CHANGE : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_QUOTA : 804F355A
03:24:24:187 5208 IRP_MJ_SET_QUOTA : 804F355A
03:24:24:187 5208 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
03:24:24:187 5208
03:24:24:187 5208 Driver Name: Disk
03:24:24:187 5208 IRP_MJ_CREATE : BA96EBB0
03:24:24:187 5208 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
03:24:24:187 5208 IRP_MJ_CLOSE : BA96EBB0
03:24:24:187 5208 IRP_MJ_READ : BA968D1F
03:24:24:187 5208 IRP_MJ_WRITE : BA968D1F
03:24:24:187 5208 IRP_MJ_QUERY_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_SET_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_EA : 804F355A
03:24:24:187 5208 IRP_MJ_SET_EA : 804F355A
03:24:24:187 5208 IRP_MJ_FLUSH_BUFFERS : BA9692E2
03:24:24:187 5208 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
03:24:24:187 5208 IRP_MJ_DIRECTORY_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_DEVICE_CONTROL : BA9693BB
03:24:24:187 5208 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA96CF28
03:24:24:187 5208 IRP_MJ_SHUTDOWN : BA9692E2
03:24:24:187 5208 IRP_MJ_LOCK_CONTROL : 804F355A
03:24:24:187 5208 IRP_MJ_CLEANUP : 804F355A
03:24:24:187 5208 IRP_MJ_CREATE_MAILSLOT : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_SECURITY : 804F355A
03:24:24:187 5208 IRP_MJ_SET_SECURITY : 804F355A
03:24:24:187 5208 IRP_MJ_POWER : BA96AC82
03:24:24:187 5208 IRP_MJ_SYSTEM_CONTROL : BA96F99E
03:24:24:187 5208 IRP_MJ_DEVICE_CHANGE : 804F355A
03:24:24:187 5208 IRP_MJ_QUERY_QUOTA : 804F355A
03:24:24:187 5208 IRP_MJ_SET_QUOTA : 804F355A
03:24:24:203 5208 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
03:24:24:203 5208
03:24:24:203 5208 Driver Name: atapi
03:24:24:203 5208 IRP_MJ_CREATE : BA705572
03:24:24:203 5208 IRP_MJ_CREATE_NAMED_PIPE : 804F355A
03:24:24:203 5208 IRP_MJ_CLOSE : BA705572
03:24:24:203 5208 IRP_MJ_READ : 804F355A
03:24:24:203 5208 IRP_MJ_WRITE : 804F355A
03:24:24:203 5208 IRP_MJ_QUERY_INFORMATION : 804F355A
03:24:24:203 5208 IRP_MJ_SET_INFORMATION : 804F355A
03:24:24:203 5208 IRP_MJ_QUERY_EA : 804F355A
03:24:24:203 5208 IRP_MJ_SET_EA : 804F355A
03:24:24:203 5208 IRP_MJ_FLUSH_BUFFERS : 804F355A
03:24:24:203 5208 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F355A
03:24:24:203 5208 IRP_MJ_SET_VOLUME_INFORMATION : 804F355A
03:24:24:203 5208 IRP_MJ_DIRECTORY_CONTROL : 804F355A
03:24:24:203 5208 IRP_MJ_FILE_SYSTEM_CONTROL : 804F355A
03:24:24:203 5208 IRP_MJ_DEVICE_CONTROL : BA705592
03:24:24:203 5208 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA7017B4
03:24:24:203 5208 IRP_MJ_SHUTDOWN : 804F355A
03:24:24:203 5208 IRP_MJ_LOCK_CONTROL : 804F355A
03:24:24:203 5208 IRP_MJ_CLEANUP : 804F355A
03:24:24:203 5208 IRP_MJ_CREATE_MAILSLOT : 804F355A
03:24:24:203 5208 IRP_MJ_QUERY_SECURITY : 804F355A
03:24:24:203 5208 IRP_MJ_SET_SECURITY : 804F355A
03:24:24:203 5208 IRP_MJ_POWER : BA7055BC
03:24:24:203 5208 IRP_MJ_SYSTEM_CONTROL : BA70C164
03:24:24:203 5208 IRP_MJ_DEVICE_CHANGE : 804F355A
03:24:24:203 5208 IRP_MJ_QUERY_QUOTA : 804F355A
03:24:24:203 5208 IRP_MJ_SET_QUOTA : 804F355A
03:24:24:234 5208 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
03:24:24:234 5208
03:24:24:234 5208 Completed
03:24:24:234 5208
03:24:24:234 5208 Results:
03:24:24:234 5208 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
03:24:24:234 5208 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
03:24:24:234 5208 File objects infected / cured / cured on reboot: 0 / 0 / 0
03:24:24:234 5208
03:24:24:234 5208 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
03:24:24:234 5208 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
03:24:24:234 5208 KLMD(ARK) unloaded successfully


#14 jyap79

jyap79
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 13 March 2010 - 04:27 PM

I reran superantispyware and here are my results in the log you requested. It came up clean, however I'm still getting redirected on google.
One example link is:
http://www.goingonearth.com/search.php?q=v...mp;n=1268515591
when I was searching up Vancouver2010 from google.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/13/2010 at 05:14 AM

Application Version : 4.34.1000

Core Rules Database Version : 4671
Trace Rules Database Version: 2483

Scan type : Complete Scan
Total Scan Time : 01:30:49

Memory items scanned : 598
Memory threats detected : 0
Registry items scanned : 6965
Registry threats detected : 0
File items scanned : 65701
File threats detected : 0

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:55 AM

Posted 13 March 2010 - 06:12 PM

Hi,
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    ipconfig /flushdns
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


Let me know if that fixes the redirects. Are you connected over the router? If so are other people on the router affected as well?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users