Infected with FakeAlert-MY.gen


This topic is locked. 24 replies to this topic.

#1 dawoof6

Posted 21 April 2010 - 12:14 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/311185/google-results-being-redirected-to-other-sites/ ~ OB

Okay, here goes... this all started with a post about Google results being redirected to other sites. After a great deal of spyware/malware tools, I finished by rebooting from safe mode after running SAS. Upon restart McAfee VS announced it had blocked Fake Alert. Then all hell broke loose. XP Security (or so it said) pops up, scans, and says to activate so it can remove the stuff it found. Yeah right. After that, I could not even browse with IE due to 'security threats'. Had to close process jiwp.exe. Then IE will work, but very slowly. The other major thing I found is that all .exe files have been re-associated in some way. The description says 'secfile'. The only way to use any program is to right-click then choose start. Please help! Thx!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Walker Family at 9:46:23.67 on Tue 04/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2604 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
P:\Program Files\Bonjour\mDNSResponder.exe
P:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
P:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
P:\Program Files\McAfee.com\Agent\mcagent.exe
P:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
P:\Program Files\Palm\Hotsync.exe
P:\Program Files\Logitech\SetPoint\SetPoint.exe
P:\Program Files\PdaNet 4.12\PdaNet.exe
P:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
P:\Program Files\PdaNet 4.12\PdaNetUm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
P:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
P:\Program Files\TVersity\Media Server\MediaServer.exe
P:\Program Files\bin32\nSvcAppFlt.exe
P:\Program Files\bin32\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
P:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
P:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Walker Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - p:\program files\mcafee\virusscan\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - p:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - p:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - p:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [EPSON Stylus CX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticaa.exe /fu "c:\windows\temp\E_SC4.tmp" /EF "HKCU"
uRun: [Window Washer] p:\program files\webroot\washer\wwDisp.exe
uRun: [swg] p:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [mcagent_exe] "p:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Acrobat Assistant 8.0] "p:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [HDAudDeck] p:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "p:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "p:\program files\itunes\iTunesHelper.exe"
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "p:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\walker~1\startm~1\programs\startup\pdanet~1.lnk - p:\program files\pdanet 4.12\PdaNet.exe
StartupFolder: c:\docume~1\walker~1\startm~1\programs\startup\startt~1.lnk - p:\program files\tversity\media server\MediaServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - p:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - p:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - p:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - p:\program files\logitech\setpoint\SetPoint.exe
IE: Append to existing PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - p:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - p:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - p:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - p:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://lva.msllab.microsoft.com/msllabs/vmrc/VMRCActiveXClient.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246594617921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246594706453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - p:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - p:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-19 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-3 214664]
R1 SASDIFSV;SASDIFSV;p:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;p:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-3 359952]
R2 McShield;McAfee Real-time Scanner;p:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-3 144704]
R3 McSysmon;McAfee SystemGuards;p:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-3 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-3 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-3 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-3 40552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-7-3 56992]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-12 8576]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-3 845184]
S2 gupdate1ca0b128dd7ff2;Google Update Service (gupdate1ca0b128dd7ff2);p:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2010-4-19 261632]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;p:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;p:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-3 34248]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;p:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-3-3 1122304]
S3 SASENUM;SASENUM;p:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-20 16:41:19 0 ----a-w- c:\documents and settings\walker family\defogger_reenable
2010-04-20 15:30:53 191488 --sha-w- c:\docume~1\alluse~1\applic~1\ave.exe
2010-04-20 14:55:32 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-20 06:00:15 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-20 06:00:00 0 d-----w- p:\program files\SUPERAntiSpyware
2010-04-20 06:00:00 0 d-----w- c:\docume~1\walker~1\applic~1\SUPERAntiSpyware.com
2010-04-20 05:59:25 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-20 05:23:52 0 d-----w- c:\docume~1\walker~1\applic~1\Malwarebytes
2010-04-20 05:23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 05:23:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-20 05:23:32 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:23:32 0 d-----w- p:\program files\Malwarebytes' Anti-Malware
2010-04-20 00:43:07 0 d-s---w- C:\ComboFix
2010-04-20 00:35:09 0 d-sha-r- C:\cmdcons
2010-04-20 00:23:29 98816 ----a-w- c:\windows\sed.exe
2010-04-20 00:23:29 77312 ----a-w- c:\windows\MBR.exe
2010-04-20 00:23:29 261632 ----a-w- c:\windows\PEV.exe
2010-04-20 00:23:29 161792 ----a-w- c:\windows\SWREG.exe
2010-04-19 21:32:06 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-19 21:31:35 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-19 21:09:29 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 21:09:08 0 d-----w- p:\program files\Lavasoft
2010-04-19 19:03:23 0 d-----w- p:\program files\Spybot - Search & Destroy
2010-04-19 19:03:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-19 18:08:54 0 d-----w- c:\program files\common files\Adobe AIR
2010-04-19 17:40:17 218 ----a-w- c:\documents and settings\walker family\.recently-used.xbel
2010-04-19 07:58:10 0 d-----w- c:\docume~1\walker~1\applic~1\PCF-VLC
2010-04-19 07:09:45 0 d-----w- c:\docume~1\walker~1\applic~1\Participatory Culture Foundation
2010-04-19 07:08:59 0 d-----w- p:\program files\Participatory Culture Foundation
2010-04-18 07:32:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-18 07:32:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 00:01:22 0 d-----w- c:\docume~1\walker~1\applic~1\Gamelab
2010-04-06 00:00:52 0 d-----w- p:\program files\Jojo's Fashion Show 2 - Las Cruces
2010-03-28 10:04:35 0 ----a-w- c:\documents and settings\walker family\jagex__preferences3.dat

==================== Find3M ====================

2010-04-19 08:15:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-28 10:09:26 69 ----a-w- c:\documents and settings\walker family\jagex_runescape_preferences2.dat
2010-03-28 10:04:36 41 ----a-w- c:\documents and settings\walker family\jagex_runescape_preferences.dat
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 23:17:02 42512 ----a-w- c:\windows\system32\unins000.dat
2010-02-22 23:16:59 691717 ----a-w- c:\windows\system32\unins000.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-08-26 08:31:39 0 ----a-w- p:\program files\FirstPacketPrograms.txt

============= FINISH: 9:47:37.25 ===============

Edited by Orange Blossom, 21 April 2010 - 07:19 PM.
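The two findings a helper reads straight out of the DDS report above are the ".exe=secfile" line under File Associations and the system+hidden ave.exe under Created Last 30. As an added example that is not part of the original thread or of the DDS tool, here is a small Python triage script that parses those two sections from a constructed excerpt in the same format and flags a non-default .exe handler and recently created executables carrying the system+hidden attributes. The section banners and the attribute-string layout are taken from the posted log; the table of default Windows handlers and the list of executable extensions are my own assumptions.

```python
"""Triage helper for DDS logs: flag .exe re-association and hidden new executables."""
import re

# Constructed excerpt in the DDS report format (illustrative, not the full posted log).
SAMPLE_DDS = r"""
============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-04-20 16:41:19 0 ----a-w- c:\documents and settings\walker family\defogger_reenable
2010-04-20 15:30:53 191488 --sha-w- c:\docume~1\alluse~1\applic~1\ave.exe
2010-04-20 14:55:32 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-20 05:23:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 00:35:09 0 d-sha-r- C:\cmdcons

==================== Find3M ====================
"""

# "=== Section name ===" banner lines that DDS prints between sections
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# file lines: date time size attribute-string path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

# Assumed default Windows handlers for the types a rogue most often re-associates.
DEFAULT_HANDLERS = {".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".scr": "scrfile"}
# Assumed set of extensions worth flagging when they appear with system+hidden set.
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".sys")


def split_sections(text):
    """Return {section name: [non-empty lines]} for a DDS report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def hijacked_associations(sections):
    """(extension, current handler, expected handler) for every re-associated type."""
    findings = []
    for line in sections.get("File Associations", []):
        ext, _, handler = line.partition("=")
        expected = DEFAULT_HANDLERS.get(ext.strip().lower())
        if expected and handler.strip().lower() != expected:
            findings.append((ext.strip(), handler.strip(), expected))
    return findings


def suspicious_new_files(sections):
    """Paths of recently created executables that carry the system+hidden attributes.

    Attribute-string layout as seen in the posted log: index 0 'd' for a directory,
    index 2 's' system, index 3 'h' hidden, index 4 'a' archive.
    """
    findings = []
    for line in sections.get("Created Last 30", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        is_dir = attrs[0] == "d"
        system_hidden = attrs[2] == "s" and attrs[3] == "h"
        if not is_dir and system_hidden and path.lower().endswith(EXECUTABLE_EXT):
            findings.append(path)
    return findings


def triage(text):
    """Run both checks over a DDS report and return the findings by category."""
    sections = split_sections(text)
    return {
        "associations": hijacked_associations(sections),
        "hidden_executables": suspicious_new_files(sections),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(category)
        for item in items:
            print("   ", item)
```

Point it at a saved DDS.txt instead of SAMPLE_DDS to triage a real report; an empty result for both categories means neither of these two indicators is present, not that the machine is clean.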


#2 myrti

Posted 27 April 2010 - 08:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 dawoof6

Posted 28 April 2010 - 11:14 PM

No changes to the symptoms I listed in the first post, other than McAfee wanting to restart my computer & scan during the restart. I have told it no at this point so as not to change things from what I have posted here. Here are the logs from OTL as requested:

OTL logfile created on: 4/27/2010 11:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Walker Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\Program Files
Drive C: | 50.00 Gb Total Space | 35.00 Gb Free Space | 70.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.89 Gb Total Space | 12.72 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 550.16 Gb Free Space | 59.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 74.52 Gb Total Space | 70.02 Gb Free Space | 93.96% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 190.71 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
Drive S: | 205.77 Gb Total Space | 194.20 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive X: | 10.00 Gb Total Space | 9.93 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

Computer Name: WALKER-1BA32385
Current User Name: Walker Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 22:56:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/18 16:08:44 | 000,856,064 | ---- | M] () -- P:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- p:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- P:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- P:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- P:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- P:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/25 20:39:46 | 000,185,560 | ---- | M] () -- P:\Program Files\PdaNet 4.12\PdaNet.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 07:27:42 | 000,128,216 | ---- | M] () -- P:\Program Files\PdaNet 4.12\PdaNetUm.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- P:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- P:\Program Files\bin32\nSvcIp.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 22:56:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2010/04/19 14:29:01 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- P:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/19 11:05:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/18 16:08:44 | 000,856,064 | ---- | M] () [Auto | Running] -- P:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- P:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- P:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- P:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- P:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- P:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- P:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 05:46:25 | 001,122,304 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- P:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- P:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- P:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- P:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- P:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/06 23:08:09 | 000,428,064 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2009/06/26 22:55:12 | 000,056,992 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/03/28 00:03:00 | 006,280,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/25 05:09:24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/13 23:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/12 01:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/02/09 09:51:36 | 000,932,608 | ---- | M] (AVerMedia Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA)
DRV - [2006/01/01 22:20:56 | 000,008,576 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2004/08/12 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/17 23:53:12 | 000,000,733 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - P:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - P:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] P:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CPMonitor] P:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] P:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003..\Run: [swg] P:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003..\Run: [Window Washer] P:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = P:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = P:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Walker Family\Start Menu\Programs\Startup\PdaNet Desktop.lnk = P:\Program Files\PdaNet 4.12\PdaNet.exe ()
O4 - Startup: C:\Documents and Settings\Walker Family\Start Menu\Programs\Startup\Start TVersity Media Server.lnk = P:\Program Files\TVersity\Media Server\MediaServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - P:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - P:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://lva.msllab.microsoft.com/msllabs/vm...tiveXClient.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1246594617921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1246594706453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Walker Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walker Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - P:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 16:36:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/19 02:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 19:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\...exe [@ = secfile] -- "C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\TjOL.exe" /START "%1" %* ()


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - P:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - P:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - P:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3F77F325-582A-E745-E7EB-A79D65CD2E37} - NetShow
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/02 09:21:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 22:56:29 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe
[2010/04/27 08:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/20 09:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Desktop\gmer
[2010/04/20 07:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/20 07:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\avG
[2010/04/19 23:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/19 23:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\SUPERAntiSpyware.com
[2010/04/19 23:00:00 | 000,000,000 | ---D | C] -- P:\Program Files\SUPERAntiSpyware
[2010/04/19 22:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/19 22:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Malwarebytes
[2010/04/19 22:23:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/19 22:23:32 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 22:23:32 | 000,000,000 | ---D | C] -- P:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 22:19:19 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Walker Family\Desktop\mbam-setup-1.45.exe
[2010/04/19 21:28:12 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Walker Family\Desktop\ATF-Cleaner.exe
[2010/04/19 17:43:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/19 17:35:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/19 17:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 17:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 17:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 17:23:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 17:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 17:21:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 14:32:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/19 14:31:35 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/19 14:09:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/19 14:09:08 | 000,000,000 | ---D | C] -- P:\Program Files\Lavasoft
[2010/04/19 14:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/19 12:03:23 | 000,000,000 | ---D | C] -- P:\Program Files\Spybot - Search & Destroy
[2010/04/19 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/19 11:25:50 | 001,774,432 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Walker Family\Desktop\Rootkit_Detective.exe
[2010/04/19 11:10:57 | 000,000,000 | ---D | C] -- P:\Program Files\Adobe Media Player
[2010/04/19 11:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 10:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\gtk-2.0
[2010/04/19 10:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\WinRAR
[2010/04/19 10:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\Help
[2010/04/19 10:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Help
[2010/04/19 00:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\PCF-VLC
[2010/04/19 00:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Mozilla
[2010/04/19 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Participatory Culture Foundation
[2010/04/19 00:08:59 | 000,000,000 | ---D | C] -- P:\Program Files\Participatory Culture Foundation
[2010/04/18 21:50:43 | 000,459,592 | ---- | C] (Participatory Culture Foundation) -- C:\Documents and Settings\Walker Family\Desktop\Miro_Installer.exe
[2010/04/18 07:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/18 00:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/18 00:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/18 00:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/05 17:01:22 | 000,000,000 | ---D | C] -- E:\Walker Family\My Documents\Jojos Fashion Show 2
[2010/04/05 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Gamelab
[2010/04/05 17:00:52 | 000,000,000 | ---D | C] -- P:\Program Files\Jojo's Fashion Show 2 - Las Cruces
[2010/03/29 15:57:42 | 000,000,000 | ---D | C] -- E:\Walker Family\My Documents\power points
[2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 22:59:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/27 22:57:17 | 000,013,316 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\c7vdif
[2010/04/27 22:57:17 | 000,013,316 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/27 22:56:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe
[2010/04/27 22:53:27 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CF05365-C713-47D5-98D1-C7E9565DCBB2}.job
[2010/04/27 22:48:02 | 000,025,540 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/27 22:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 21:53:13 | 000,006,165 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/04/27 21:03:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 08:28:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/27 08:05:41 | 000,001,396 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\after_virus.reg
[2010/04/27 08:00:09 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/27 08:00:09 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/27 08:00:09 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/27 07:59:07 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/27 07:57:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 07:57:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/27 07:55:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 07:55:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 03:12:41 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Walker Family\NTUSER.DAT
[2010/04/27 03:12:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Walker Family\ntuser.ini
[2010/04/27 02:15:25 | 000,012,236 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\53YQ5yXeP
[2010/04/27 02:15:25 | 000,012,236 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\53YQ5yXeP
[2010/04/26 14:43:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/25 22:10:13 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/04/25 20:25:29 | 000,040,204 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Girl weight for age.pdf
[2010/04/25 20:00:54 | 000,204,299 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/22 19:55:06 | 012,402,688 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/22 19:55:06 | 003,842,048 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/22 19:52:08 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\kodakpcd.ini
[2010/04/20 21:26:17 | 000,025,597 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\bookmark.htm
[2010/04/20 09:50:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\gmer.zip
[2010/04/20 09:45:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\dds.scr
[2010/04/20 09:41:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Walker Family\defogger_reenable
[2010/04/20 09:40:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Defogger.exe
[2010/04/20 08:31:13 | 000,015,000 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\5lCiRC5eR
[2010/04/20 08:31:13 | 000,015,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5lCiRC5eR
[2010/04/20 07:50:17 | 000,086,352 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 23:00:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 22:23:38 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 22:19:19 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Walker Family\Desktop\mbam-setup-1.45.exe
[2010/04/19 21:28:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Walker Family\Desktop\ATF-Cleaner.exe
[2010/04/19 21:26:03 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\rkill.pif
[2010/04/19 17:37:53 | 002,184,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 17:35:14 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/04/19 14:28:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/19 14:09:28 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/19 12:03:27 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Spybot - Search & Destroy.lnk
[2010/04/19 11:23:38 | 001,728,150 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\McafeeRootkitDetective.zip
[2010/04/19 10:40:17 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Walker Family\.recently-used.xbel
[2010/04/19 00:09:30 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2010/04/18 21:50:43 | 000,459,592 | ---- | M] (Participatory Culture Foundation) -- C:\Documents and Settings\Walker Family\Desktop\Miro_Installer.exe
[2010/04/18 00:32:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/15 11:00:27 | 000,427,106 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\stuff to sell 007.jpg
[2010/04/15 01:08:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/14 21:28:29 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 18:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/14 02:37:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 06:41:24 | 001,357,249 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1081.JPG
[2010/04/10 06:40:30 | 001,316,229 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1080.JPG
[2010/04/10 06:35:58 | 001,605,315 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1072.JPG
[2010/04/10 06:35:10 | 001,568,978 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1071.JPG
[2010/04/08 10:10:42 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/04/05 17:01:12 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Jojo's Fashion Show 2 - Las Cruces.lnk
[2010/04/01 01:00:02 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 02:21:15 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 10:03:38 | 000,013,316 | -HS- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\c7vdif
[2010/04/27 10:03:38 | 000,013,316 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/27 08:05:41 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\after_virus.reg
[2010/04/26 02:11:30 | 000,012,236 | -HS- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\53YQ5yXeP
[2010/04/26 02:11:30 | 000,012,236 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\53YQ5yXeP
[2010/04/25 20:25:28 | 000,040,204 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Girl weight for age.pdf
[2010/04/22 19:52:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\kodakpcd.ini
[2010/04/20 21:26:16 | 000,025,597 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\bookmark.htm
[2010/04/20 09:50:57 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\gmer.zip
[2010/04/20 09:44:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\dds.scr
[2010/04/20 09:41:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Walker Family\defogger_reenable
[2010/04/20 09:40:00 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Defogger.exe
[2010/04/20 07:55:33 | 000,015,000 | -HS- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\5lCiRC5eR
[2010/04/20 07:55:33 | 000,015,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5lCiRC5eR
[2010/04/19 23:00:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 22:23:38 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 21:25:56 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\rkill.pif
[2010/04/19 17:35:13 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/04/19 17:35:10 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/19 17:23:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 17:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 17:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 17:23:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 17:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/19 14:31:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/19 14:09:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/19 12:03:27 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Spybot - Search & Destroy.lnk
[2010/04/19 11:23:38 | 001,728,150 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\McafeeRootkitDetective.zip
[2010/04/19 10:40:17 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Walker Family\.recently-used.xbel
[2010/04/19 00:09:30 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2010/04/18 00:32:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/18 00:32:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/15 11:00:27 | 000,427,106 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\stuff to sell 007.jpg
[2010/04/14 21:28:29 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/10 23:10:50 | 001,316,229 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1080.JPG
[2010/04/10 23:10:30 | 001,357,249 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1081.JPG
[2010/04/10 23:06:17 | 001,568,978 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1071.JPG
[2010/04/10 23:06:16 | 001,605,315 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1072.JPG
[2010/04/05 17:01:12 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Jojo's Fashion Show 2 - Las Cruces.lnk
[2010/02/22 16:17:01 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 16:17:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/02/22 16:17:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/02/22 16:17:01 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/02/22 16:17:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/02/22 16:17:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/02/22 16:17:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/02/22 16:17:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/02/22 16:17:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010/02/22 16:17:00 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/02/22 16:17:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/02/22 16:17:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/09/07 08:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/07 17:50:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/04 12:58:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/07/04 12:58:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/07/03 14:36:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/07/03 14:35:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2009/07/02 21:10:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/02 21:10:04 | 000,033,441 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/02 21:10:04 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/19 07:15:58 | 003,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 09:41:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 09:22:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 09:22:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 09:17:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 08:59:54 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 03:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/22 12:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/22 12:19:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/22 12:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/22 12:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/22 12:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/02 21:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/02 21:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/02 21:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/02 21:28:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 05:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 05:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/02 09:24:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/02 09:24:21 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/02 09:24:21 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/25 22:10:13 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/19 14:28:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


OTL Extras logfile created on: 4/27/2010 11:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Walker Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\Program Files
Drive C: | 50.00 Gb Total Space | 35.00 Gb Free Space | 70.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.89 Gb Total Space | 12.72 Gb Free Space | 22.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 550.16 Gb Free Space | 59.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 74.52 Gb Total Space | 70.02 Gb Free Space | 93.96% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 190.71 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
Drive S: | 205.77 Gb Total Space | 194.20 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive X: | 10.00 Gb Total Space | 9.93 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

Computer Name: WALKER-1BA32385
Current User Name: Walker Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1935655697-1364589140-839522115-1003\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\Walker Family\Local Settings\Temp\TjOL.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "P:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "P:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"P:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = P:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"P:\Program Files\iTunes\iTunes.exe" = P:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"P:\Program Files\PdaNet 4.12\PdaNet.exe" = P:\Program Files\PdaNet 4.12\PdaNet.exe:*:Enabled:PdaNet -- ()
"P:\Program Files\TVersity\Media Server\MediaServer.exe" = P:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\Walker Family\Application Data\Microsoft\services.exe" = C:\Documents and Settings\Walker Family\Application Data\Microsoft\services.exe:*:Enabled:Microsoft Updater v2 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{26216747-CCA3-4045-9B71-F0FB3459791E}" = Are You Smarter Than A 5th Grader? - Make The Grade
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{471B83B9-29D8-41EC-9974-56BB8A457A8B}" = EPSON Stylus CX4400 Series Scanner Driver Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009
"{7A7B3764-7F17-4AB1-A1D3-3B01F5F07445}" = Roxio Creator 2009
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50A0798-E49C-4A45-B043-6856708F6B9C}" = 5DFly Photo Design
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDABCD1D-7C2E-452C-870C-02BCDD5F8C5C}" = AVerMedia DVD EZMarker Gold
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard4
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional - English, Franšais, Deutsch" = Adobe Acrobat 8 Professional - English, Franšais, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"am-tradewindslegends" = Tradewinds Legends
"Chocolatier 2 Secret Ingredients" = Chocolatier 2 Secret Ingredients
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"G-Force" = G-Force
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{CDABCD1D-7C2E-452C-870C-02BCDD5F8C5C}" = AVerMedia DVD EZMarker Gold
"InstallShield_{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}" = neoDVDstandard
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = Miro
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PdaNet_is1" = PdaNet 4.12 for Treo 700p/755p/Centro
"Pet Shop Hop_is1" = Pet Shop Hop
"PROPLUS" = Microsoft Office Professional Plus 2007
"Silent Package Run-Time Sample" = EPSON CX4400 Series User's Guide
"Soulseek2" = SoulSeek 157 NS 13e
"Sure Cuts A Lot_is1" = Sure Cuts A Lot 1.016
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.4.1 Beta
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinterWonders" = Winter Wonders
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 10:32:52 PM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:32:52 PM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:34:57 PM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:34:57 PM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 12:08:57 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 12:08:57 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 12:29:52 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 12:29:52 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 1:58:57 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 1:58:57 AM | Computer Name = WALKER-1BA32385 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 4/28/2010 1:07:23 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:07:23 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:26:53 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:26:53 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:46:23 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:46:23 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:47:30 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:47:57 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:48:18 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/28/2010 1:48:27 AM | Computer Name = WALKER-1BA32385 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 29 April 2010 - 06:25 AM

Hi,

Could you please provide a new log from gmer? Please download a fresh copy:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 dawoof6

dawoof6
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 29 April 2010 - 07:23 PM

Got it! Had to run it in safe mode, but I got it.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-29 12:39:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\ffaoakow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 5210
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 5211
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 30 April 2010 - 08:35 AM

Hi,

The log from gmer is looking good. Please run a scan with Malwarebytes next:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
regards myrti



#7 dawoof6

dawoof6
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 30 April 2010 - 01:35 PM

Good to know something is looking good. Here's the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4055

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/30/2010 10:40:07 AM
mbam-log-2010-04-30 (10-40-07).txt

Scan type: Quick scan
Objects scanned: 122154
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 05 May 2010 - 06:34 AM

Hi,

How is the PC doing? Do you still have the problems with the exe-file associations or did you fix that?
The logs are looking ok.

Please run the following script to fix the problems visible in the OTL log:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/04/27 02:15:25 | 000,012,236 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\53YQ5yXeP
    [2010/04/27 02:15:25 | 000,012,236 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\53YQ5yXeP
    [2010/04/20 08:31:13 | 000,015,000 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\5lCiRC5eR
    [2010/04/20 08:31:13 | 000,015,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5lCiRC5eR
    O37 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\...exe [@ = secfile] -- "C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\TjOL.exe" /START "%1" %* ()
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

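A small triage helper for the O37 file-association line that OTL reported (the "secfile" hijack fixed in the post above) and the Security Center values MBAM removed in the earlier log. This is an added example, not part of the thread or of the OTL/MBAM tools; it assumes only that a stock Windows install maps .exe to the "exefile" handler with the command "%1" %*, and its sample input is the two lines from the logs here plus a constructed stock HKLM entry for comparison.

```python
import re
from dataclasses import dataclass, field
from typing import List

# OTL O37 line as printed in the log above, e.g.
#   O37 - HKU\<SID>\...exe [@ = secfile] -- "C:\...\Temp\TjOL.exe" /START "%1" %* ()
O37_RE = re.compile(
    r'^O37 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.(?P<ext>\w+)'
    r' \[@ = (?P<handler>[^\]]*)\] -- (?P<command>.*?)\s*\((?P<company>[^)]*)\)\s*$'
)
# MBAM "Registry Data Items Infected" line, e.g.
#   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> ...
MBAM_DATA_RE = re.compile(
    r'^(?P<key>HKEY_[A-Z_]+\\.*?)\\(?P<value>\w+) \((?P<detection>[^)]*)\)'
    r' -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)'
)
# First token of an "open" command: a quoted path or a bare word.
FIRST_TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')

# Stock Windows: .exe -> handler "exefile", whose open command is "%1" %*.
EXPECTED_HANDLER = {"exe": "exefile"}


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def triage_o37(line: str) -> Finding:
    """Classify one O37 line; reasons stay empty for a stock association."""
    f = Finding(line=line.rstrip())
    m = O37_RE.match(f.line)
    if not m:
        return f
    hive, ext = m.group("hive"), m.group("ext").lower()
    handler, command = m.group("handler"), m.group("command")
    tok = FIRST_TOKEN_RE.match(command)
    target = (tok.group(1) or tok.group(2)) if tok else ""

    expected = EXPECTED_HANDLER.get(ext)
    if expected is None:
        return f  # only .exe is modelled here
    if handler.lower() != expected:
        f.reasons.append(f"handler for .{ext} is '{handler}', expected '{expected}'")
    if hive.startswith(("HKU\\", "HKCU")):
        f.reasons.append(f"per-user .{ext} association under {hive} shadows the HKLM default")
    if target != "%1":
        f.reasons.append(f"'{target}' is run before every .{ext} (pass-through wrapper)")
    if re.search(r'\\Temp\\', target, re.IGNORECASE):
        f.reasons.append("handler executable lives in a Temp directory")
    return f


def triage_mbam_data(line: str) -> Finding:
    """Explain a Security Center notification value that was switched off."""
    f = Finding(line=line.rstrip())
    m = MBAM_DATA_RE.match(f.line)
    if not m:
        return f
    key, value, bad = m.group("key"), m.group("value"), m.group("bad")
    if key.endswith("Security Center") and value.endswith("DisableNotify") and bad == "1":
        what = value[: -len("DisableNotify")]
        f.reasons.append(f"Security Center {what} alerts were silenced ({value}=1)")
    return f


def triage_log(lines: List[str]) -> List[Finding]:
    """Run both parsers over raw log lines and keep only the suspicious ones."""
    out = []
    for raw in lines:
        s = raw.strip()
        if s.startswith("O37 - "):
            f = triage_o37(s)
        elif s.startswith("HKEY_"):
            f = triage_mbam_data(s)
        else:
            continue
        if f.suspicious:
            out.append(f)
    return out


# Sample input: the two lines taken from the logs in this thread plus a
# constructed stock HKLM entry for comparison.
SAMPLE = [
    r'O37 - HKU\S-1-5-21-1935655697-1364589140-839522115-1003\...exe [@ = secfile] -- "C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\TjOL.exe" /START "%1" %* ()',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %* ()',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.',
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE):
        print(finding.line)
        for reason in finding.reasons:
            print("   -", reason)
```

Run as-is it reports the hijacked per-user .exe association (four reasons) and the silenced antivirus alert, and stays quiet on the stock HKLM entry.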


#9 dawoof6

dawoof6
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 07 May 2010 - 12:46 AM

I was able to fix the .exe file association. The PC is running much better. However, it appears I am back to the root issue of the Google results redirecting to other sites, as well as being unable to post to this site (using another computer). Here are the logs:

This is from the OTL FIX:

All processes killed
========== OTL ==========
C:\Documents and Settings\Walker Family\Local Settings\Application Data\53YQ5yXeP moved successfully.
C:\Documents and Settings\All Users\Application Data\53YQ5yXeP moved successfully.
C:\Documents and Settings\Walker Family\Local Settings\Application Data\5lCiRC5eR moved successfully.
C:\Documents and Settings\All Users\Application Data\5lCiRC5eR moved successfully.
Registry key HKEY_USERS\S-1-5-21-1935655697-1364589140-839522115-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1935655697-1364589140-839522115-1003_Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3150873 bytes
->Java cache emptied: 64888 bytes
->Flash cache emptied: 15147 bytes

User: Walker Family
->Temp folder emptied: 145970 bytes
->Temporary Internet Files folder emptied: 1810459 bytes
->Java cache emptied: 41491504 bytes
->Flash cache emptied: 104794 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 37678472 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11697185 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10440876 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05052010_075323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And this is the OTL follow up scan:

OTL logfile created on: 5/5/2010 9:30:51 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Walker Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = P:\Program Files
Drive C: | 50.00 Gb Total Space | 37.16 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.89 Gb Total Space | 12.76 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 535.50 Gb Free Space | 57.49% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 74.52 Gb Total Space | 70.02 Gb Free Space | 93.96% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 190.86 Gb Free Space | 95.43% Space Free | Partition Type: NTFS
Drive S: | 205.77 Gb Total Space | 194.20 Gb Free Space | 94.38% Space Free | Partition Type: NTFS
Drive X: | 10.00 Gb Total Space | 9.93 Gb Free Space | 99.34% Space Free | Partition Type: NTFS

Computer Name: WALKER-1BA32385
Current User Name: Walker Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Walker Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - P:\Program Files\TVersity\Media Server\MediaServer.exe ()
PRC - p:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - P:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - P:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - P:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - P:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - P:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe ()
PRC - P:\Program Files\PdaNet 4.12\PdaNet.exe ()
PRC - P:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - P:\Program Files\PdaNet 4.12\PdaNetUm.exe ()
PRC - P:\Program Files\bin32\nSvcAppFlt.exe ()
PRC - P:\Program Files\bin32\nSvcIp.exe ()
PRC - P:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - P:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Walker Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - P:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- P:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (TVersityMediaServer) -- P:\Program Files\TVersity\Media Server\MediaServer.exe ()
SRV - (MpfService) -- P:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- P:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- P:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- P:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- P:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MBackMonitor) -- P:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 11) -- P:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- P:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- P:\Program Files\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- P:\Program Files\bin32\nSvcIp.exe ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- P:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- P:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- P:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (AVerBDA) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys (AVerMedia Technologies, Inc.)
DRV - (pnetmdm) -- C:\WINDOWS\system32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 22:14:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: P:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/12 00:22:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/17 23:53:12 | 000,000,733 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - P:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - P:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - P:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] P:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CPMonitor] P:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [HDAudDeck] P:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [HotSync] C:\Program Files\PalmSource\Desktop\HotSync.exe File not found
O4 - HKLM..\Run: [iTunesHelper] P:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] P:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] P:\PROGRAM FILES\QUICKTIME\QTTASK.EXE (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [swg] P:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Window Washer] P:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = P:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = P:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = P:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Walker Family\Start Menu\Programs\Startup\PdaNet Desktop.lnk = P:\Program Files\PdaNet 4.12\PdaNet.exe ()
O4 - Startup: C:\Documents and Settings\Walker Family\Start Menu\Programs\Startup\Start TVersity Media Server.lnk = P:\Program Files\TVersity\Media Server\MediaServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - P:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - P:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - P:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - P:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - P:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://lva.msllab.microsoft.com/msllabs/vm...tiveXClient.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1246594617921 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1246594706453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Walker Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Walker Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - P:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 16:36:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/19 02:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 19:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8a0ff0c-bba1-11de-8f3a-002215b816e8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 07:53:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/27 22:56:29 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe
[2010/04/27 08:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/20 09:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Desktop\gmer
[2010/04/20 07:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/20 07:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\avG
[2010/04/19 23:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/19 23:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\SUPERAntiSpyware.com
[2010/04/19 23:00:00 | 000,000,000 | ---D | C] -- P:\Program Files\SUPERAntiSpyware
[2010/04/19 22:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/19 22:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Malwarebytes
[2010/04/19 22:23:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/19 22:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/19 22:23:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 22:23:32 | 000,000,000 | ---D | C] -- P:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 22:19:19 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Walker Family\Desktop\mbam-setup-1.45.exe
[2010/04/19 21:28:12 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Walker Family\Desktop\ATF-Cleaner.exe
[2010/04/19 17:43:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/19 17:35:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/19 17:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/19 17:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/19 17:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/19 17:23:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/19 17:23:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/19 17:21:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 14:32:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/19 14:31:35 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/19 14:09:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/19 14:09:08 | 000,000,000 | ---D | C] -- P:\Program Files\Lavasoft
[2010/04/19 14:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/19 12:03:23 | 000,000,000 | ---D | C] -- P:\Program Files\Spybot - Search & Destroy
[2010/04/19 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/19 11:25:50 | 001,774,432 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Walker Family\Desktop\Rootkit_Detective.exe
[2010/04/19 11:10:57 | 000,000,000 | ---D | C] -- P:\Program Files\Adobe Media Player
[2010/04/19 11:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 10:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\gtk-2.0
[2010/04/19 10:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\WinRAR
[2010/04/19 10:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\Help
[2010/04/19 10:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Help
[2010/04/19 00:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\PCF-VLC
[2010/04/19 00:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Mozilla
[2010/04/19 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Participatory Culture Foundation
[2010/04/19 00:08:59 | 000,000,000 | ---D | C] -- P:\Program Files\Participatory Culture Foundation
[2010/04/18 21:50:43 | 000,459,592 | ---- | C] (Participatory Culture Foundation) -- C:\Documents and Settings\Walker Family\Desktop\Miro_Installer.exe
[2010/04/18 07:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/18 00:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/18 00:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/18 00:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/05 17:01:22 | 000,000,000 | ---D | C] -- E:\Walker Family\My Documents\Jojos Fashion Show 2
[2010/04/05 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walker Family\Application Data\Gamelab
[2010/04/05 17:00:52 | 000,000,000 | ---D | C] -- P:\Program Files\Jojo's Fashion Show 2 - Las Cruces
[2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010/05/05 09:03:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 08:59:25 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/05/05 08:59:16 | 000,204,299 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/05 07:59:45 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 07:59:45 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 07:59:45 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 07:55:57 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/05 07:55:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 07:55:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 07:55:43 | 000,006,165 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/05/05 07:55:43 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/05 07:55:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 07:55:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 07:54:11 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Walker Family\NTUSER.DAT
[2010/05/05 07:48:00 | 000,025,736 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 07:46:07 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CF05365-C713-47D5-98D1-C7E9565DCBB2}.job
[2010/05/05 00:46:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/05/03 03:21:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 01:00:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/04/30 16:31:11 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 12:59:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Walker Family\ntuser.ini
[2010/04/28 18:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/28 15:46:16 | 000,013,324 | -HS- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\c7vdif
[2010/04/28 15:46:16 | 000,013,324 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/27 22:56:41 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walker Family\Desktop\OTL.exe
[2010/04/27 08:05:41 | 000,001,396 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\after_virus.reg
[2010/04/26 14:43:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/25 20:25:29 | 000,040,204 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Girl weight for age.pdf
[2010/04/22 19:55:06 | 012,402,688 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/04/22 19:55:06 | 003,842,048 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/04/22 19:52:08 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\kodakpcd.ini
[2010/04/20 21:26:17 | 000,025,597 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\bookmark.htm
[2010/04/20 09:50:57 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\gmer.zip
[2010/04/20 09:45:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\dds.scr
[2010/04/20 09:41:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Walker Family\defogger_reenable
[2010/04/20 09:40:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Defogger.exe
[2010/04/20 07:50:17 | 000,086,352 | ---- | M] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 23:00:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 22:23:38 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 22:19:19 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Walker Family\Desktop\mbam-setup-1.45.exe
[2010/04/19 21:28:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Walker Family\Desktop\ATF-Cleaner.exe
[2010/04/19 21:26:03 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\rkill.pif
[2010/04/19 17:37:53 | 002,184,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/19 17:35:14 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/04/19 14:28:54 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/19 14:09:28 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/19 12:03:27 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Spybot - Search & Destroy.lnk
[2010/04/19 11:23:38 | 001,728,150 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\McafeeRootkitDetective.zip
[2010/04/19 10:40:17 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Walker Family\.recently-used.xbel
[2010/04/19 00:09:30 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2010/04/18 21:50:43 | 000,459,592 | ---- | M] (Participatory Culture Foundation) -- C:\Documents and Settings\Walker Family\Desktop\Miro_Installer.exe
[2010/04/18 00:32:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/15 11:00:27 | 000,427,106 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\stuff to sell 007.jpg
[2010/04/15 01:08:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/14 21:28:29 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/14 02:37:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 06:41:24 | 001,357,249 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1081.JPG
[2010/04/10 06:40:30 | 001,316,229 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1080.JPG
[2010/04/10 06:35:58 | 001,605,315 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1072.JPG
[2010/04/10 06:35:10 | 001,568,978 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\100_1071.JPG
[2010/04/08 10:10:42 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/04/05 17:01:12 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Walker Family\Desktop\Jojo's Fashion Show 2 - Las Cruces.lnk

========== Files Created - No Company Name ==========

[2010/04/27 10:03:38 | 000,013,324 | -HS- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\c7vdif
[2010/04/27 10:03:38 | 000,013,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/27 08:05:41 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\after_virus.reg
[2010/04/25 20:25:28 | 000,040,204 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Girl weight for age.pdf
[2010/04/22 19:52:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Walker Family\Local Settings\Application Data\kodakpcd.ini
[2010/04/20 21:26:16 | 000,025,597 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\bookmark.htm
[2010/04/20 09:50:57 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\gmer.zip
[2010/04/20 09:44:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\dds.scr
[2010/04/20 09:41:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Walker Family\defogger_reenable
[2010/04/20 09:40:00 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Defogger.exe
[2010/04/19 23:00:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/19 22:23:38 | 000,000,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 21:25:56 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\rkill.pif
[2010/04/19 17:35:13 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/04/19 17:35:10 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/19 17:23:29 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/19 17:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/19 17:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/19 17:23:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 17:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/19 14:31:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/19 14:09:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/19 12:03:27 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Spybot - Search & Destroy.lnk
[2010/04/19 11:23:38 | 001,728,150 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\McafeeRootkitDetective.zip
[2010/04/19 10:40:17 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Walker Family\.recently-used.xbel
[2010/04/19 00:09:30 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2010/04/18 00:32:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/18 00:32:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/15 11:00:27 | 000,427,106 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\stuff to sell 007.jpg
[2010/04/14 21:28:29 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/10 23:10:50 | 001,316,229 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1080.JPG
[2010/04/10 23:10:30 | 001,357,249 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1081.JPG
[2010/04/10 23:06:17 | 001,568,978 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1071.JPG
[2010/04/10 23:06:16 | 001,605,315 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\100_1072.JPG
[2010/04/05 17:01:12 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Walker Family\Desktop\Jojo's Fashion Show 2 - Las Cruces.lnk
[2010/02/22 16:17:01 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/22 16:17:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/02/22 16:17:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/02/22 16:17:01 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/02/22 16:17:00 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/02/22 16:17:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/02/22 16:17:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/02/22 16:17:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/02/22 16:17:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2010/02/22 16:17:00 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/02/22 16:17:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/02/22 16:17:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/09/07 08:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/07 17:50:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/04 12:58:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/07/04 12:58:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009/07/03 14:36:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/07/03 14:35:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4400.ini
[2009/07/02 21:10:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/02 21:10:04 | 000,033,441 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/02 21:10:04 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/19 07:15:58 | 003,104,256 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 09:41:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 09:22:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 09:22:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 09:17:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 08:59:54 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 03:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/22 12:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/22 12:19:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/22 12:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/22 12:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/22 12:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
< End of report >

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 10 May 2010 - 11:52 AM

Hi,

could you please run a new scan with GMER. Make sure that the option "Sections" is checked.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 dawoof6

dawoof6
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 10 May 2010 - 08:13 PM

Had to run it in safe mode. Here it is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 17:42:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\ffaoakow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
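The GMER report above is raw program output, and a helper reading it usually wants the "User code sections" lines grouped by process rather than scanned one by one. The Python below is an added example for this thread; it is not GMER's code and not something either poster ran. It parses those hook lines, sorts each hooked export into a coarse API family (an assumed grouping for triage, not a GMER concept), and records whether GMER attributed the JMP target to a loaded module, since GMER prints a module name and description after the target only when the address lies inside one. The sample input is a constructed subset of lines copied from the reports posted in this thread, so it runs offline.

```python
"""Triage helper for GMER "User code sections" lines (added example,
not GMER's code and not part of the original reports)."""
import re
from collections import Counter

# Shape of one GMER user-mode hook line, as posted in this thread:
#   .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<module> (<desc>)]
# or, for a partially overwritten export:
#   .text <image>[<pid>] <module>!<export> <addr> 1 Byte [E9]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<target_module>\S+)\s+\((?P<target_desc>[^)]*)\))?"
    r"|\[(?P<raw>[0-9A-Fa-f ]+)\])\s*$"
)

# Coarse API families (assumed grouping for triage). The family of a hooked
# export tells the reader what the hooking code is positioned to intercept.
API_FAMILIES = {
    "process": ("CreateProcess", "WinExec", "system"),
    "loader": ("LoadLibrary", "GetProcAddress"),
    "memory": ("VirtualProtect", "NtProtectVirtualMemory", "NtWriteVirtualMemory"),
    "registry": ("RegOpenKey", "RegCreateKey", "ZwCreateKey", "ZwSetValueKey"),
    "network": ("InternetOpen", "socket"),
    "file": ("CreateFile", "CreatePipe", "CreateNamedPipe",
             "_open", "_creat", "_wopen", "_wcreat"),
}


def classify(func):
    """Map an exported function name to a coarse API family."""
    for family, needles in API_FAMILIES.items():
        if any(n in func for n in needles):
            return family
    return "other"


def parse_hook_line(line):
    """Parse one GMER user-mode hook line; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    hook["size"] = int(hook["size"])
    hook["family"] = classify(hook["func"])
    # GMER names a module after the JMP target only when the target lies
    # inside a loaded image (compare the mfehidk.sys line in the kernel
    # section). A bare target means the trampoline sits in memory that is
    # not backed by any named image.
    hook["unattributed_target"] = (
        hook["target"] is not None and hook["target_module"] is None
    )
    return hook


def parse_report(text):
    """Return every parsable hook line of a GMER report, in order."""
    hooks = (parse_hook_line(line) for line in text.splitlines())
    return [h for h in hooks if h is not None]


def summarize(hooks):
    """Group hooks per (image, pid): count, families, target pages, unattributed."""
    summary = {}
    for h in hooks:
        key = (h["image"], h["pid"])
        s = summary.setdefault(key, {"hooks": 0, "families": Counter(),
                                     "target_pages": set(), "unattributed": 0})
        s["hooks"] += 1
        s["families"][h["family"]] += 1
        if h["target"] is not None:
            # Round to 64 KiB allocation granularity (assumed) so hooks that
            # share one injected region collapse into one entry.
            s["target_pages"].add(h["target"][:4].upper() + "0000")
            if h["unattributed_target"]:
                s["unattributed"] += 1
    return summary


# Constructed sample: a subset of lines copied from the reports in this thread.
SAMPLE = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01100EE0
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlW 3D998439 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00EB003D
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010D0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
"""

if __name__ == "__main__":
    for (image, pid), s in summarize(parse_report(SAMPLE)).items():
        print(f"{image}[{pid}]: {s['hooks']} hooks, families={dict(s['families'])}, "
              f"unattributed={s['unattributed']}, pages={sorted(s['target_pages'])}")
```

An unattributed JMP target is a cue for where to look, not a verdict: legitimate security products also place hooks in system processes, so the summary is meant to tell the helper which processes and API families deserve attention before the next tool is run, not to name the cause by itself.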

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 10 May 2010 - 11:14 PM

Hi,

I'd like you to run a scan with the options of gmer set as follows:


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 dawoof6

dawoof6
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male

Posted 10 May 2010 - 11:47 PM

Ah, okay. Silly me. Here it is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 21:37:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\WALKER~1\LOCALS~1\Temp\ffaoakow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B69447B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB914A380, 0x34C81F, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB6C40280]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F8B
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0FA6
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0080
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0065
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0039
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00B6
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF00A5
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F31
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF0F42
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F16
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF004A
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0F7A
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FCD
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0FDE
.text C:\WINDOWS\system32\services.exe[564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F53
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060F89
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FAB
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060F9A
.text C:\WINDOWS\system32\services.exe[564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FD2
.text C:\WINDOWS\system32\services.exe[564] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[564] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[564] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[564] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00040FA8
.text C:\WINDOWS\system32\services.exe[564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01100000
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01100039
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01100F44
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01100F55
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01100F72
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01100F9E
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01100F0C
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01100F29
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01100EE0
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01100079
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01100ECF
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01100F8D
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01100FE5
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0110004A
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01100FB9
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01100FCA
.text C:\WINDOWS\system32\lsass.exe[576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01100EFB
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010F0FB2
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010F0054
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010F0FC3
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010F0FDE
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010F0043
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010F0FEF
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 010F0028
.text C:\WINDOWS\system32\lsass.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010F0FA1
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010E0055
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!system 77C293C7 5 Bytes JMP 010E003A
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010E0029
.text C:\WINDOWS\system32\lsass.exe[576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010E000C
.text C:\WINDOWS\system32\lsass.exe[576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010D0FEF
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00EB000A
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00EB002C
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlW 3D998439 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[576] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00EB003D
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02510FEF
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02510F7A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02510F95
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02510FA6
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02510FC3
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0251004A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0251009B
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0251008A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02510F02
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02510F13
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02510EF1
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02510065
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0251000A
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02510F69
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0251002F
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02510FDE
.text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02510F38
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02500FD4
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02500076
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02500FE5
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0250001B
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02500065
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0250000A
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0250004A
.text C:\WINDOWS\system32\svchost.exe[748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02500FC3
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024F005D
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!system 77C293C7 5 Bytes JMP 024F0FD2
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024F0FE3
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024F0000
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024F0038
.text C:\WINDOWS\system32\svchost.exe[748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024F001D
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 024D000A
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 024D001B
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 024D0040
.text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 024D0FEF
.text C:\WINDOWS\system32\svchost.exe[748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 024E0000
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0089
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0F94
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF0FA5
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0062
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0FDB
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF00B0
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F5E
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F3C
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF0F4D
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0F2B
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF0F6F
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF003D
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF00CB
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0FCD
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0F8D
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE001E
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0FDE
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE0FA8
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CE0054
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0043
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0F7C
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0F97
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0FCD
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0FB2
.text C:\WINDOWS\system32\svchost.exe[804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00CC0FCA
.text C:\WINDOWS\system32\svchost.exe[804] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00CC0011
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01040FEF
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01040F7E
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01040073
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01040062
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01040FA5
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01040036
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010400A9
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01040F6D
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01040F24
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01040F3F
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010400D8
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01040051
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0104000A
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0104008E
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01040FCA
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0104001B
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01040F50
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01030014
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01030F7C
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01030FC3
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01030FDE
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01030039
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01030FEF
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01030F97
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [23, 89]
.text C:\WINDOWS\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01030FA8
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01020FAD
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 01020038
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0102001D
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01020FE3
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01020FC8
.text C:\WINDOWS\system32\svchost.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00FF0011
.text C:\WINDOWS\system32\svchost.exe[872] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00FF0022
.text C:\WINDOWS\system32\svchost.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01010FE5
.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D10FEF
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02D1006C
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02D10F77
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02D10F88
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02D10051
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02D10025
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02D10F4B
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02D10087
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D100C9
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02D10F30
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02D100E4
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02D10036
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D10FD4
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02D10F66
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02D10FC3
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02D10014
.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02D100B8
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B6000A
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B60F61
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B60FB9
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B60FCA
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B60F7C
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B60FE5
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B60F8D
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D6, 8A]
.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B60FA8
.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0292000A
.text C:\WINDOWS\System32\svchost.exe[920] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0291000A
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028D0FB2
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 028D0FC3
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028D000C
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028D0FDE
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028D001D
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 028B0FEF
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 028B0000
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 028B0011
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 028B0FC0
.text C:\WINDOWS\System32\svchost.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028C000A
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E00A4
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E0093
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008E0076
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008E0065
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008E0FC3
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008E0F7E
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008E00C6
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E0F37
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E0F48
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008E0F26
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008E0054
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008E00B5
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008E002F
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E0F63
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008D0F9E
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008D0040
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008D0FAF
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0055
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0044
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FDE
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0000
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0033
.text C:\WINDOWS\system32\svchost.exe[968] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[968] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 008B0FA8
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A70068
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A7004D
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A70F69
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A70F86
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A70FA8
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A70F31
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A70079
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A70EFB
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A70F16
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A700B9
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A70F97
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A70F58
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A70FB9
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A70FCA
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A70094
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A60FCA
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A60065
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A6001B
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A60054
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A6000A
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A60FA8
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C6, 88]
.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A60FB9
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50FAB
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50FE3
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1072] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A50FC6
.text C:\WINDOWS\system32\svchost.exe[1072] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00A3000A
.text C:\WINDOWS\system32\svchost.exe[1072] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00A3001B
.text C:\WINDOWS\system32\svchost.exe[1072] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1072] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00A30047
.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C700A2
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70087
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70076
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C70065
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70040
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C70F50
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C70F6B
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C70F24
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F35
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C700D8
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C70FC3
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C70F92
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C70FD4
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C70025
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C700B3
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C6002F
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60F9E
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C60FD4
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C6005B
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C60FB9
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E6, 88] {OUT 0x88, AL}
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60040
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50F95
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C50FA6
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50FD2
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50FB7
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C5000C
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0F48
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0F59
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD003D
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0F80
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0022
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F1C
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F2D
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0EE6
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD007F
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD00A4
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0F91
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0058
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0F01
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0079
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0040
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA004E
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0029
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA000C
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00B80FCA
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001C0FEF
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001C0F30
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001C0F41
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001C001B
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001C0F5E
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001C0F83
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001C0F15
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001C005D
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001C0089
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001C0078
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001C0ED5
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001C0000
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001C0FD4
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001C0040
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001C0F9E
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001C0FAF
.text C:\WINDOWS\System32\svchost.exe[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001C0EFA
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FDB
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B002C
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B001B
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0087
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0051
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00400F8D
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!system 77C293C7 5 Bytes JMP 00400F9E
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00400FDE
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0040000C
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00400FB9
.text C:\WINDOWS\System32\svchost.exe[1876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00400FEF
.text C:\WINDOWS\System32\svchost.exe[1876] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0078000A
.text C:\WINDOWS\System32\svchost.exe[1876] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0078001B
.text C:\WINDOWS\System32\svchost.exe[1876] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00780FDB
.text C:\WINDOWS\System32\svchost.exe[1876] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 0078002C
.text C:\WINDOWS\System32\svchost.exe[1876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[2204] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028F0000
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028F0080
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028F0F81
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028F0FA8
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028F0065
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028F0FD4
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028F0F2E
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028F0F49
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028F0EFB
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028F0F0C
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028F0ED6
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028F0FC3
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028F001B
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028F0F70
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028F0FE5
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028F0040
.text C:\WINDOWS\Explorer.EXE[2204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028F0F1D
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 028E001B
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 028E005F
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 028E0FCA
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 028E0FDB
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 028E004E
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 028E0000
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 028E003D
.text C:\WINDOWS\Explorer.EXE[2204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 028E002C
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 028D0FA8
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!system 77C293C7 5 Bytes JMP 028D0FC3
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 028D0FDE
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 028D000C
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 028D0033
.text C:\WINDOWS\Explorer.EXE[2204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\Explorer.EXE[2204] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 028B0000
.text C:\WINDOWS\Explorer.EXE[2204] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 028B0FDB
.text C:\WINDOWS\Explorer.EXE[2204] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 028B0011
.text C:\WINDOWS\Explorer.EXE[2204] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 028B0FC0
.text C:\WINDOWS\Explorer.EXE[2204] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028C0000

---- EOF - GMER 1.0.15 ----


#14 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 11 May 2010 - 07:30 AM

Hi,

please run maxlook next:

You must first verify that you can log on to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation CD.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double-click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and log on to the Recovery Console.
Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

batch look.bat

You will see "1 file copied" many times, then return to the x:\windows> prompt.
Type Exit to restart your computer, then log on in normal mode.
  • Once logged in click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#15 dawoof6

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Male

Posted 11 May 2010 - 04:04 PM

Here is the MaxLook log:

Run from C:\Documents and Settings\Walker Family\Desktop\maxlook.exe on Tue 05/11/2010 at 13:51:32.00

--------- maxlook unsigned files ---------

c:\windows\maxdriver\cdrom.sys:
    Verified:    Unsigned
    File date:    11:17 AM 5/11/2010
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Version:    n/a
    File version:    n/a
c:\windows\maxdriver\pcouffin.sys:
    Verified:    Unsigned
    File date:    12:52 AM 7/3/2009
    Publisher:    VSO Software
    Description:    low level access layer for CD/DVD/BD devices
    Product:    Patin couffin engine
    Version:    1.37
    File version:    1.37
c:\windows\maxdriver\pnetmdm.sys:
    Verified:    Unsigned
    File date:    10:20 PM 1/1/2006
    Publisher:    June Fabrics Technology
    Description:    PdaNet Driver
    Product:    PdaNet Driver
    Version:    4,0,0,0
    File version:    4,0,0,0

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\pcouffin.sys:
    Verified:    Unsigned
    File date:    12:52 AM 7/3/2009
    Publisher:    VSO Software
    Description:    low level access layer for CD/DVD/BD devices
    Product:    Patin couffin engine
    Version:    1.37
    File version:    1.37
c:\windows\system32\drivers\pnetmdm.sys:
    Verified:    Unsigned
    File date:    10:20 PM 1/1/2006
    Publisher:    June Fabrics Technology
    Description:    PdaNet Driver
    Product:    PdaNet Driver
    Version:    4,0,0,0
    File version:    4,0,0,0





