Redirects and Popups


  • This topic is locked
17 replies to this topic

#1 sschoen2

Posted 20 July 2010 - 10:29 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/331126/virtuemondeamong-other-viruses-on-xp/ ~ OB

This is a GMER log run in safe mode. When I run GMER outside of safe mode, I leave the room only to find that my computer has restarted.


QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-20 04:50:24
Windows 5.1.2600 Service Pack 2
Running: 3w6isvvf.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7667BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



DDS.txt


QUOTE
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:21:45.31 on Tue 07/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1058 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
uRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
mRunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sdktra~1.lnk - c:\sun\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {3ECF8F2E-9739-4488-8AB2-3BD7EEAD3BFC} = 192.168.0.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5hympy2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {4654A02F-5A49-44DD-A83E-DD9537565BAF} - c:\documents and settings\owner\local settings\application data\{4654A02F-5A49-44DD-A83E-DD9537565BAF}
FF - HiddenExtension: XULRunner: {F9E756EE-2A1A-42E9-9492-D183EB2DAEC0} - c:\documents and settings\owner\local settings\application data\{f9e756ee-2a1a-42e9-9492-d183eb2daec0}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-11 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-6 342128]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-3-26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-3-26 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-7-9 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-5-5 231424]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-4-29 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-4-29 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-6 70216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-6 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-6 43288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-6 65224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\odwgu.sys --> c:\windows\system32\drivers\ODWGU.sys [?]
S3 PciCon;PciCon;D:\PciCon.sys [2007-2-14 3968]

=============== Created Last 30 ================

2010-07-21 02:19:32 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-21 01:50:52 3023 ----a-w- c:\windows\system32\spupdsvc.inf
2010-07-21 01:45:25 0 d-----w- c:\windows\system32\scripting
2010-07-21 01:45:24 0 d-----w- c:\windows\system32\en
2010-07-21 01:45:24 0 d-----w- c:\windows\system32\bits
2010-07-21 01:45:24 0 d-----w- c:\windows\l2schemas
2010-07-21 01:40:51 0 d-----w- c:\windows\network diagnostic
2010-07-19 18:01:05 0 d-----w- c:\program files\ESET
2010-07-16 15:42:29 163851 ----a-w- c:\windows\system32\nvapps.xml
2010-07-13 23:06:05 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 06:36:29 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-07-13 06:36:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-13 06:36:13 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-13 05:36:29 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-13 05:36:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 05:36:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-13 05:36:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 05:36:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 02:57:27 8113 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2010-07-12 22:23:52 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-07-12 22:23:42 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-12 22:23:39 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-12 22:23:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-12 22:23:39 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-07-12 22:23:23 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-12 22:22:10 7959 ----a-w- c:\windows\system32\nvinfo.pb
2010-07-12 22:22:10 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-12 22:22:02 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-12 22:22:02 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-12 22:22:01 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-12 22:21:59 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-07-12 22:14:45 0 d-----w- c:\program files\SystemRequirementsLab
2010-07-12 17:02:58 0 d-----w- c:\documents and settings\owner\.gegl-0.0
2010-07-12 16:39:29 0 d-----w- c:\windows\pss
2010-07-12 01:48:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-11 20:16:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 20:15:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 19:28:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 19:27:50 0 d-----w- c:\program files\Lavasoft
2010-07-11 03:23:43 360 ----a-w- c:\windows\system32\.crusader
2010-07-11 03:06:01 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-11 03:05:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-11 03:05:39 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-10 22:32:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-07-10 22:32:39 0 d-----w- c:\program files\Security Task Manager
2010-07-09 02:46:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-08 23:15:12 1027 ----a-w- c:\windows\wininit.ini
2010-07-08 22:18:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 21:08:40 120 ----a-w- c:\windows\Yfizocigez.dat
2010-07-08 21:08:40 0 ----a-w- c:\windows\Tdobobituy.bin

==================== Find3M ====================

2010-06-17 04:23:41 87 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences2.dat
2010-06-17 04:22:00 45 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
2010-06-07 23:57:00 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-05 23:51:02 37264 ----a-w- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2010-05-28 17:58:26 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-06 21:25:54 0 ----a-w- c:\documents and settings\owner\jagex__preferences3.dat
2010-05-02 05:56:34 1850880 ------w- c:\windows\system32\_004897_.tmp.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 21:23:26.71 ===============

Edited by Orange Blossom, 20 July 2010 - 11:56 PM.



 


#2 sschoen2

Posted 22 July 2010 - 11:22 PM

I think it's getting worse. Just today I left for 5 hours and found multiple unsolicited tabs and popups offering me virus protection. There were even 2 download prompts, but according to my download history, there were no downloads by Firefox.

Edited by sschoen2, 22 July 2010 - 11:23 PM.


#3 myrti

Posted 27 July 2010 - 06:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#4 sschoen2


Posted 27 July 2010 - 11:42 PM

QUOTE
OTL logfile created on: 7/27/2010 11:08:41 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 41.22 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/27 23:06:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/24 22:21:55 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/24 10:25:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/06 12:28:44 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/06 12:28:44 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/14 22:54:24 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/13 09:10:53 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/05/05 13:06:00 | 000,231,424 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/04/29 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/04/29 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/03/21 13:10:30 | 000,610,816 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/02/15 17:43:15 | 000,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/01/16 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/16 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/01/16 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 16:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 23:06:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/06 12:28:44 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/05 13:06:00 | 000,231,424 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/04/29 20:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/04/29 20:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/04/29 20:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/04/29 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/01/16 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/07/06 12:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/29 20:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/04/29 20:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/04/29 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/04/29 20:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/04/29 20:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/07/03 17:03:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtkhdaud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/10 16:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vx1000.sys -- (VX1000)
DRV - [2007/03/29 11:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/03/26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bios.sys -- (BIOS)
DRV - [2004/01/28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:1.6.0.109
FF - prefs.js..extensions.enabledItems: {4654A02F-5A49-44DD-A83E-DD9537565BAF}:1.9.1
FF - prefs.js..extensions.enabledItems: {F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}:1.9.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2009/09/06 16:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4654A02F-5A49-44DD-A83E-DD9537565BAF}: C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF} [2010/07/18 12:36:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}\ [2010/07/19 14:15:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 10:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 10:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/08 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/27 22:49:46 | 000,000,000 | ---D | M]

[2008/07/09 05:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/22 23:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\extensions
[2010/04/29 08:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 10:43:31 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\searchplugins\bing.xml
[2010/07/22 23:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2009/06/27 14:21:56 | 000,307,738 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10593 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [fytuhsrf] C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy\snaqvlgtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [fytuhsrf] C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy\snaqvlgtssd.exe File not found
O4 - HKU\S-1-5-21-484763869-1844237615-839522115-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-484763869-1844237615-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 05:07:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/03 03:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 11:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f52d84a6-3764-11df-9493-00e04d681391}\Shell\AutoRun\command - "" = E:\Windows_Start_Here.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: ALLUpdate - hkey= - key= - C:\Program Files\ALLPlayer\ALLUpdate.exe File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: mcexecwin - hkey= - key= - C:\DOCUME~1\Owner\LOCALS~1\Temp\qawa3knsz3.DLL File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: ulnljqlx - hkey= - key= - C:\Documents and Settings\Owner\Local Settings\Application Data\mnerhjcla\mduftaktssd.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 23:06:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/25 10:06:14 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/07/24 22:49:25 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/07/24 22:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo
[2010/07/24 22:39:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/24 22:11:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/07/24 22:11:25 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010/07/24 22:11:25 | 000,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2010/07/24 22:11:25 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/07/24 22:11:25 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/24 22:11:25 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/07/24 22:11:25 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/07/24 22:11:25 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/24 22:11:25 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parvdm.sys
[2010/07/24 22:11:24 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/07/24 22:11:24 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisuio.sys
[2010/07/24 22:11:24 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys
[2010/07/24 22:11:24 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxgthk.sys
[2010/07/24 22:11:23 | 001,966,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vx1000.sys
[2010/07/24 22:11:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\udfs.sys
[2010/07/24 22:11:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2010/07/24 22:11:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/07/24 22:11:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/07/24 22:11:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010/07/24 22:11:23 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys
[2010/07/24 22:11:23 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2010/07/24 22:11:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2010/07/24 22:11:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidclass.sys
[2010/07/24 22:11:22 | 000,032,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys
[2010/07/24 22:11:22 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/07/24 22:11:22 | 000,014,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nuidfltr.sys
[2010/07/24 22:11:22 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/07/24 22:11:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2010/07/24 22:11:21 | 000,013,696 | R--- | C] (BIOSTAR Group) -- C:\WINDOWS\System32\drivers\bios.sys
[2010/07/24 22:11:21 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/07/24 22:11:20 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/07/24 22:11:20 | 000,175,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdbss.sys
[2010/07/24 22:11:19 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/07/24 22:11:19 | 000,034,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbios.sys
[2010/07/24 22:11:19 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wanarp.sys
[2010/07/24 22:11:18 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/07/24 22:11:18 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2010/07/24 22:11:18 | 000,152,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipnat.sys
[2010/07/24 22:11:18 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2010/07/24 22:11:17 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2010/07/24 22:11:17 | 000,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npfs.sys
[2010/07/24 22:11:17 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2010/07/24 22:11:17 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2010/07/24 22:11:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.sys
[2010/07/24 22:11:17 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfs.sys
[2010/07/24 22:11:17 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasacd.sys
[2010/07/24 22:11:17 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fs_rec.sys
[2010/07/24 22:11:17 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys
[2010/07/24 22:11:17 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcdd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2010/07/24 22:11:17 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\null.sys
[2010/07/24 22:11:16 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/07/24 22:11:16 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/07/24 22:11:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/07/24 22:11:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/07/24 22:11:16 | 000,059,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbhub.sys
[2010/07/24 22:11:16 | 000,040,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/07/24 22:11:15 | 004,745,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\rtkhdaud.sys
[2010/07/24 22:11:15 | 000,384,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2010/07/24 22:11:15 | 000,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpdr.sys
[2010/07/24 22:11:15 | 000,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2010/07/24 22:11:15 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouclass.sys
[2010/07/24 22:11:15 | 000,017,792 | ---- | C] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ptilink.sys
[2010/07/24 22:11:15 | 000,016,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspti.sys
[2010/07/24 22:11:15 | 000,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssmbios.sys
[2010/07/24 22:11:15 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swenum.sys
[2010/07/24 22:11:14 | 000,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndiswan.sys
[2010/07/24 22:11:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psched.sys
[2010/07/24 22:11:14 | 000,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasl2tp.sys
[2010/07/24 22:11:14 | 000,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspptp.sys
[2010/07/24 22:11:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspppoe.sys
[2010/07/24 22:11:14 | 000,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgpc.sys
[2010/07/24 22:11:14 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2010/07/24 22:11:14 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdi.sys
[2010/07/24 22:11:14 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2010/07/24 22:11:13 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/07/24 22:11:13 | 000,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parport.sys
[2010/07/24 22:11:13 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2010/07/24 22:11:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/07/24 22:11:13 | 000,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serenum.sys
[2010/07/24 22:11:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\audstub.sys
[2010/07/24 22:11:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010/07/24 22:11:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2010/07/24 22:11:12 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/07/24 22:11:12 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2010/07/24 22:11:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2010/07/24 22:11:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2010/07/24 22:11:12 | 000,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fdc.sys
[2010/07/24 22:11:12 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2010/07/24 22:11:11 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2010/07/24 22:11:11 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\videoprt.sys
[2010/07/24 22:11:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/07/24 22:11:11 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2010/07/24 22:11:11 | 000,042,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi.sys
[2010/07/24 22:11:10 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/24 22:11:10 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/24 22:11:10 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2010/07/24 22:11:10 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/07/24 22:11:10 | 000,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/07/24 22:11:10 | 000,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2010/07/24 22:11:10 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/07/24 22:11:10 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2010/07/24 22:11:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2010/07/24 22:11:09 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/07/24 22:11:09 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2010/07/24 22:11:09 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiport.sys
[2010/07/24 22:11:09 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/07/24 22:11:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\lbd.sys
[2010/07/24 22:11:09 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2010/07/24 22:11:09 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\classpnp.sys
[2010/07/24 22:11:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\disk.sys
[2010/07/24 22:11:08 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/07/24 22:11:08 | 000,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\volsnap.sys
[2010/07/24 22:11:08 | 000,052,224 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viprt.sys
[2010/07/24 22:11:08 | 000,019,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2010/07/24 22:11:07 | 000,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dllcache\dmio.sys
[2010/07/24 22:11:07 | 000,125,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftdisk.sys
[2010/07/24 22:11:07 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mountmgr.sys
[2010/07/24 22:11:07 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010/07/24 22:11:07 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2010/07/24 22:11:07 | 000,016,896 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vibus.sys
[2010/07/24 22:11:07 | 000,009,216 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\videx32.sys
[2010/07/24 22:11:07 | 000,005,888 | ---- | C] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\dllcache\dmload.sys
[2010/07/24 22:11:07 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2010/07/24 22:11:06 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2010/07/24 22:11:06 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2010/07/24 22:11:06 | 000,037,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2010/07/24 22:11:06 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys
[2010/07/24 22:11:06 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilib.sys
[2010/07/24 22:11:06 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2010/07/24 22:07:34 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/07/22 12:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/22 12:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Office Genuine Advantage
[2010/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy
[2010/07/20 21:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/20 21:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/20 20:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/20 20:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/20 20:35:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/19 14:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}
[2010/07/19 13:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/18 12:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF}
[2010/07/13 18:06:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/07/13 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/13 01:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 01:34:26 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/07/13 01:34:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/07/13 00:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/13 00:36:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/13 00:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/13 00:36:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/13 00:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 00:34:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\zztoy.exe.exe
[2010/07/12 17:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/07/12 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/12 17:22:10 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/12 17:22:02 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/07/12 17:22:02 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/07/12 17:22:01 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/07/12 17:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/07/12 12:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gegl-0.0
[2010/07/12 11:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/11 15:15:38 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/11 15:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/07/11 14:28:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/11 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/10 22:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/10 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/10 18:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/10 18:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/10 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/07/10 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/09 16:24:26 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/07/09 16:24:18 | 000,277,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/07/09 16:24:18 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/07/09 16:24:16 | 013,923,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/07/09 16:24:16 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/07/08 23:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HijackThis
[2010/07/08 21:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/08 21:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/08 17:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/08 17:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/07/08 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Thunderbird
[2010/07/08 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Thunderbird
[2010/07/08 16:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 16:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/08 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\mnerhjcla
[2010/06/28 19:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\excersizes
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/27 23:06:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/27 22:59:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-839522115-1003UA.job
[2010/07/27 22:59:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-839522115-1003Core1cac6a381fec2ea.job
[2010/07/27 21:17:45 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/27 21:17:02 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/27 21:15:45 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/27 20:09:04 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 10:59:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/27 10:50:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/27 10:48:37 | 000,013,812 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/27 10:47:55 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/27 10:47:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/27 10:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/27 02:07:32 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/27 02:06:40 | 002,115,134 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/26 22:00:19 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/26 22:00:18 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/07/26 01:01:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 00:22:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copy of Diablo II - Lord of Destruction.lnk
[2010/07/24 22:56:00 | 000,005,799 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2010/07/24 22:49:25 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/07/24 22:49:25 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2010/07/24 22:44:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/24 22:37:31 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/24 22:37:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/24 22:37:26 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/24 22:33:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 22:33:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 22:06:59 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(2).zip
[2010/07/23 00:16:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you letter.doc
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/07/22 14:07:17 | 000,005,932 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\004 interview questions.rtf
[2010/07/20 21:51:11 | 000,574,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/20 21:51:11 | 000,479,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/20 21:51:11 | 000,085,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/20 21:49:28 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/20 21:45:02 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 21:25:11 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/20 21:19:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/20 21:18:01 | 000,037,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 21:17:06 | 002,162,612 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/20 20:40:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/19 17:23:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yfizocigez.dat
[2010/07/19 12:37:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tdobobituy.bin
[2010/07/18 18:58:51 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Frozen Throne.lnk
[2010/07/16 10:42:51 | 000,163,851 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/14 03:01:04 | 000,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/13 01:42:01 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\instructions.rtf
[2010/07/13 01:36:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 01:34:38 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/07/13 01:33:57 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/07/13 00:36:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 00:32:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\zztoy.exe.exe
[2010/07/12 21:57:27 | 000,008,113 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/07/12 20:36:38 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cognitive Games Survey.doc
[2010/07/12 17:23:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/12 16:51:29 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 11:59:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 11:59:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/12 11:33:56 | 000,000,360 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/11 15:15:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/11 14:28:26 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/11 14:28:25 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/10 20:46:26 | 000,001,027 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/09 17:38:00 | 013,549,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/09 17:38:00 | 010,260,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/07/09 17:38:00 | 006,343,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/07/09 17:38:00 | 006,343,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/07/09 17:38:00 | 004,595,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/07/09 17:38:00 | 002,914,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/07/09 17:38:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/07/09 17:38:00 | 002,195,030 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/09 17:38:00 | 001,388,544 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/07/09 17:38:00 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/07/09 17:38:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/07/09 17:38:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/07/09 17:38:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/09 17:38:00 | 000,025,836 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/09 17:38:00 | 000,007,959 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/09 16:24:26 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/07/09 16:24:18 | 000,277,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/07/09 16:24:18 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/07/09 16:24:16 | 013,923,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/07/09 16:24:16 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/07/08 22:02:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/07 13:46:46 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/07/07 00:03:54 | 000,006,521 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Yodle interview questions.rtf
[2010/07/06 23:19:05 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\yodle thank you letter.doc
[2010/07/06 12:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\lbd.sys
[2010/07/06 12:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/06 00:17:12 | 000,006,044 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Document3.rtf
[2010/06/28 19:39:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\triangle.c
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 21:17:45 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/27 21:17:02 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/27 21:15:45 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/25 00:21:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copy of Diablo II - Lord of Destruction.lnk
[2010/07/24 22:49:25 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2010/07/24 22:49:21 | 000,005,799 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2010/07/24 22:33:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 22:06:57 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(2).zip
[2010/07/23 00:16:59 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Thank you letter.doc
[2010/07/22 12:39:10 | 000,005,932 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\004 interview questions.rtf
[2010/07/20 21:49:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/20 21:25:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/07/20 21:25:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/20 21:19:32 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_disable.log
[2010/07/20 21:19:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/20 20:22:57 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/16 10:42:29 | 000,163,851 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/13 01:42:01 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\instructions.rtf
[2010/07/13 01:36:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 00:36:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 21:57:27 | 000,008,113 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/07/12 20:36:37 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cognitive Games Survey.doc
[2010/07/12 17:23:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/12 17:23:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/12 17:23:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/12 17:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/12 17:22:10 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/12 17:21:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/11 20:48:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/11 15:24:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/11 14:28:26 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/11 14:28:25 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/10 22:23:43 | 000,000,360 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/10 22:06:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/08 18:15:12 | 000,001,027 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/08 17:18:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 16:08:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yfizocigez.dat
[2010/07/08 16:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tdobobituy.bin
[2010/07/06 23:19:05 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\yodle thank you letter.doc
[2010/07/06 00:25:29 | 000,006,521 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Yodle interview questions.rtf
[2010/07/01 00:09:15 | 000,006,044 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Document3.rtf
[2010/06/28 19:39:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\triangle.c
[2010/04/27 22:50:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\QQPlayer.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/01/24 00:36:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/30 00:21:00 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/09/09 10:45:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/09 10:45:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/18 05:49:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/18 05:49:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/18 05:49:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/17 12:33:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/31 18:44:04 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/31 18:44:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/20 19:58:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/12/07 00:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Temp\WebStore\I386\sp2.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006/02/28 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Temp\WebStore\I386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/07/20 20:34:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0034\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 10:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2005/05/17 17:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) MD5=9C8A8E00648EAF7A1D794F7CFB25A6B4 -- C:\WINDOWS\dell\nvraid\nvraid.sys
[2005/05/17 17:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) MD5=9C8A8E00648EAF7A1D794F7CFB25A6B4 -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIPRT.SYS >
[2007/03/26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\WINDOWS\system32\drivers\viprt.sys
[2007/03/26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\ViPrt.sys
[2007/03/26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=7C69B1B6DEC5F8584AA352E522AF1476 -- C:\WINDOWS\system32\ReinstallBackups\0033\DriverFiles\ViPrt.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/09 02:42:32 | 000,229,376 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/09 07:30:17 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/07/09 02:42:32 | 009,175,040 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/09 02:42:33 | 004,194,304 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/09 18:01:10 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2010/06/09 18:01:10 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2010/07/12 16:51:29 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/07/06 12:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\lbd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/06/09 18:01:10 | 000,045,648 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2010/07/11 15:15:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
< End of report >


QUOTE
OTL Extras logfile created on: 7/27/2010 11:08:41 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 41.22 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-484763869-1844237615-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6112:TCP" = 6112:TCP:*:Enabled:6112
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\steamapps\karate_kid_x\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\karate_kid_x\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\karate_kid_x\half-life\hl.exe" = C:\Program Files\Steam\steamapps\karate_kid_x\half-life\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Steam\steamapps\karate_kid_x\team fortress classic\hl.exe" = C:\Program Files\Steam\steamapps\karate_kid_x\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Microsoft XNA\XNA Game Studio Express\v1.0\Bin\XnaTrans.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio Express\v1.0\Bin\XnaTrans.exe:LocalSubNet:Enabled:XNA Game Studio Transport -- (Microsoft Corporation)
"C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaTrans.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaTrans.exe:LocalSubNet:Enabled:XNA Game Studio 2.0 Transport -- (Microsoft Corporation)
"C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaLiveProxy.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows – LIVE -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Owner\Desktop\games\nestc042\NESTCL95.EXE" = C:\Documents and Settings\Owner\Desktop\games\nestc042\NESTCL95.EXE:*:Enabled:NESTCL95 -- ()
"C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe" = C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.0 Transport -- (Microsoft Corporation)
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Tools\AudConsole.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Tools\AudConsole.exe:*:Enabled:XACT Auditioning Utility -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\World Editor.exe" = C:\Program Files\Warcraft III\World Editor.exe:*:Enabled:Warcraft III World Editor -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Documents and Settings\Owner\Local Settings\Temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe" = C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Sun\SDK\jdk\bin\java.exe" = C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Owner\Desktop\eclipse\eclipse.exe" = C:\Documents and Settings\Owner\Desktop\eclipse\eclipse.exe:*:Enabled:eclipse -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Documents and Settings\Owner\Desktop\games\zsnes\zsnesw.exe" = C:\Documents and Settings\Owner\Desktop\games\zsnes\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Documents and Settings\Owner\Desktop\games\SNES GAMES\zsnesw.exe" = C:\Documents and Settings\Owner\Desktop\games\SNES GAMES\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Program Files\zbattle.net\zbattle.net.exe" = C:\Program Files\zbattle.net\zbattle.net.exe:*:Enabled:zbattle.net -- ()
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Owner\Desktop\ghost\ghost.exe" = C:\Documents and Settings\Owner\Desktop\ghost\ghost.exe:*:Enabled:ghost -- File not found
"C:\Documents and Settings\Owner\My Documents\Downloads\kaillera\kaillerasrv.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\kaillera\kaillerasrv.exe:*:Enabled:kaillerasrv -- File not found
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iii complete\Conquests\Civ3Conquests.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iii complete\Conquests\Civ3Conquests.exe:*:Enabled:Sid Meier's Civilization III: Complete -- (© 2001-2004 Atari Inc.)
"C:\Ruby\bin\ruby.exe" = C:\Ruby\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] -- File not found
"C:\Program Files\Adobe\Adobe Flash Builder 4\FlashBuilder.exe" = C:\Program Files\Adobe\Adobe Flash Builder 4\FlashBuilder.exe:*:Enabled:FlashBuilder -- File not found
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\karate_kid_x\source sdk base 2007\hl2.exe" = C:\Program Files\Steam\steamapps\karate_kid_x\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007 -- ()
"C:\Program Files\Steam\steamapps\karate_kid_x\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\karate_kid_x\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- File not found
"C:\Program Files\Diablo\Diablo.exe" = C:\Program Files\Diablo\Diablo.exe:*:Enabled:Diablo -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{070B87FB-CD1A-45AA-9E5E-484E5964C6ED}" = Microsoft XNA Game Studio 2.0 (ARP entry)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B9375F0-ADAC-4843-AAFF-BAB7D8340BE0}" = McAfee SiteAdvisor Enterprise
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{152F8595-0D36-4BE4-9FBD-5AD87AC3D3E5}" = Microsoft XNA Game Studio Express 1.0 Refresh
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{31EA6FCB-6C53-4BA7-BE88-9BA788899C2C}" = Microsoft XNA Game Studio 2.0 (Redists)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3432C2AA-BB3E-44B3-B5ED-EF36E0241100}" = Microsoft XNA Game Studio 2.0 (spacewar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B5A6E00-2B27-4E1A-8A33-E3A40DEFD4DC}" = Microsoft XNA Game Studio 2.0 Documentation
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B96628C-8898-4FED-9612-25631C27AB13}" = Microsoft XNA Game Studio 2.0 (xnaliveproxy)
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE6FB4CD-554F-4560-9A99-F8AE602414DB}" = TortoiseSVN 1.6.0.15855 (32 bit)
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18DA187-6C0D-4B8E-99AE-74D5C588AFB6}" = Microsoft XNA Game Studio 2.0 (shared components)
"{C357E2C9-091F-4B12-BB1C-2E7B19112BC4}" = Microsoft XNA Game Studio 2.0
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CAEFCCB6-7A9E-44D3-9FFC-DE182FC805B9}" = QuickXAP
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Diablo" = Diablo
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"EA Download Manager" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"FinalMediaPlayer_is1" = Final Media Player 2010
"FreezeSMS" = FreezeSMS
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.12
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"IsoBuster_is1" = IsoBuster 2.4
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft XNA Game Studio 2.0" = Microsoft XNA Game Studio 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-glassfish-mod-3.0.0.28.20081022" = GlassFish v3 Prelude
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Security Task Manager" = Security Task Manager 1.7h
"Smart WAV Converter_is1" = Smart WAV Converter
"SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)
"Starcraft" = Starcraft
"Steam App 20" = Team Fortress Classic
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 280" = Half-Life: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 9740" = Indigo Prophecy
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.9
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"zbattle.net_is1" = zbattle.net 1.09 SR-1 beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Diablo" = Diablo
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2010 12:55:32 PM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/23/2010 4:21:58 PM | Computer Name = SAMSPC | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in process #2688. Just-In-Time
debugging this exception failed with the following error: The process ID is invalid.

Check
the documentation index for 'Just-in-time debugging, errors' for more information.

Error - 7/24/2010 12:48:56 AM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/24/2010 11:21:37 AM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/24/2010 11:16:55 PM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/24/2010 11:27:15 PM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/24/2010 11:45:37 PM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/25/2010 11:02:46 AM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/26/2010 12:31:33 PM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 7/27/2010 11:48:12 AM | Computer Name = SAMSPC | Source = MSSQL$SQLEXPRESS | ID = 9003
Description = The log scan number (376:104:1) passed to log scan in database 'master'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

[ System Events ]
Error - 7/24/2010 11:21:23 AM | Computer Name = SAMSPC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/24/2010 11:21:23 AM | Computer Name = SAMSPC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/24/2010 11:21:49 AM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/24/2010 11:17:04 PM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/24/2010 11:21:58 PM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 7/24/2010 11:27:16 PM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/24/2010 11:45:38 PM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/25/2010 11:02:46 AM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/26/2010 12:31:36 PM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).

Error - 7/27/2010 11:48:13 AM | Computer Name = SAMSPC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (SQLEXPRESS) service terminated with service-specific
error 3417 (0xD59).


< End of report >


#5 myrti


Posted 28 July 2010 - 01:53 AM

Hi,

please run the following fix with OTL:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/07/19 17:23:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yfizocigez.dat
    [2010/07/19 12:37:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tdobobituy.bin
    O4 - HKU\.DEFAULT..\Run: [fytuhsrf] C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy\snaqvlgtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [fytuhsrf] C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy\snaqvlgtssd.exe File not found
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4654A02F-5A49-44DD-A83E-DD9537565BAF}: C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF} [2010/07/18 12:36:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}\ [2010/07/19 14:15:29 | 000,000,000 | ---D | M]
    FF - prefs.js..extensions.enabledItems: {4654A02F-5A49-44DD-A83E-DD9537565BAF}:1.9.1
    FF - prefs.js..extensions.enabledItems: {F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}:1.9.1
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Let me know if that helps.
regards myrti



#6 sschoen2


Posted 28 July 2010 - 08:49 AM

QUOTE
All processes killed
========== OTL ==========
C:\WINDOWS\Yfizocigez.dat moved successfully.
C:\WINDOWS\Tdobobituy.bin moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\fytuhsrf deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\fytuhsrf not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4654A02F-5A49-44DD-A83E-DD9537565BAF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4654A02F-5A49-44DD-A83E-DD9537565BAF}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{4654A02F-5A49-44DD-A83E-DD9537565BAF} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}\ not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\{F9E756EE-2A1A-42E9-9492-D183EB2DAEC0} folder moved successfully.
Prefs.js: {4654A02F-5A49-44DD-A83E-DD9537565BAF}:1.9.1 removed from extensions.enabledItems
Prefs.js: {F9E756EE-2A1A-42E9-9492-D183EB2DAEC0}:1.9.1 removed from extensions.enabledItems
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->FireFox cache emptied: 3562596 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 780356 bytes
->Flash cache emptied: 2949 bytes

User: NetworkService
->Temp folder emptied: 131072 bytes
->Temporary Internet Files folder emptied: 6175825 bytes
->Java cache emptied: 26 bytes
->Flash cache emptied: 6038 bytes

User: Owner
->Temp folder emptied: 386841336 bytes
->Temporary Internet Files folder emptied: 33073815 bytes
->Java cache emptied: 116337347 bytes
->FireFox cache emptied: 68878164 bytes
->Google Chrome cache emptied: 390983980 bytes
->Flash cache emptied: 295808 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2637079 bytes
%systemroot%\System32 .tmp files removed: 4230673 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5547702 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 117131278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1398561672 bytes

Total Files Cleaned = 2,418.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07282010_071722

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




QUOTE
OTL logfile created on: 7/28/2010 8:23:26 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 41.68 Gb Free Space | 27.96% Space Free | Partition Type: NTFS
Drive D: | 637.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Enterprise Service) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (msvsmon90) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found
DRV - (PciCon) -- D:\PciCon.sys File not found
DRV - (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa) -- C:\WINDOWS\System32\DRIVERS\ODWGU.sys File not found
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\rtkhdaud.sys (Realtek Semiconductor Corp.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\vx1000.sys (Microsoft Corporation)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (ViPrt) -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\bios.sys (BIOSTAR Group)
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:1.6.0.109
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:54:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/04 15:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2009/09/06 16:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 10:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 10:25:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/08 16:34:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/27 22:49:46 | 000,000,000 | ---D | M]

[2008/07/09 05:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/07/09 05:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/22 23:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\extensions
[2010/04/29 08:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 10:43:31 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hympy2p.default\searchplugins\bing.xml
[2010/07/22 23:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 10:25:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/18 20:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/09/04 15:27:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/07/24 10:25:13 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/24 10:25:14 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/04/29 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/09/04 15:27:18 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/07/24 10:25:19 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 14:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/09/10 14:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/14 13:27:41 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/14 13:27:41 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/14 13:27:41 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/14 13:27:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/14 13:27:41 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/14 13:27:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/14 13:27:42 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/27 14:21:56 | 000,307,738 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10593 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 05:07:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/03/03 03:05:07 | 004,429,073 | R--- | M] (Blizzard Entertainment) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/10/19 11:45:49 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f52d84a6-3764-11df-9493-00e04d681391}\Shell\AutoRun\command - "" = E:\Windows_Start_Here.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/28 07:17:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/27 23:06:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/25 10:06:14 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/07/24 22:49:25 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/07/24 22:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo
[2010/07/24 22:39:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/24 22:11:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/07/24 22:11:25 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010/07/24 22:11:25 | 000,180,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2010/07/24 22:11:25 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2010/07/24 22:11:25 | 000,091,640 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/24 22:11:25 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/07/24 22:11:25 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/07/24 22:11:25 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/24 22:11:25 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parvdm.sys
[2010/07/24 22:11:24 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/07/24 22:11:24 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisuio.sys
[2010/07/24 22:11:24 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys
[2010/07/24 22:11:24 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxgthk.sys
[2010/07/24 22:11:23 | 001,966,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vx1000.sys
[2010/07/24 22:11:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\udfs.sys
[2010/07/24 22:11:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2010/07/24 22:11:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/07/24 22:11:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/07/24 22:11:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2010/07/24 22:11:23 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys
[2010/07/24 22:11:23 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxapi.sys
[2010/07/24 22:11:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2010/07/24 22:11:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidclass.sys
[2010/07/24 22:11:22 | 000,032,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdfldr.sys
[2010/07/24 22:11:22 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/07/24 22:11:22 | 000,014,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nuidfltr.sys
[2010/07/24 22:11:22 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/07/24 22:11:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2010/07/24 22:11:21 | 000,013,696 | R--- | C] (BIOSTAR Group) -- C:\WINDOWS\System32\drivers\bios.sys
[2010/07/24 22:11:21 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/07/24 22:11:20 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/07/24 22:11:20 | 000,175,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdbss.sys
[2010/07/24 22:11:19 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/07/24 22:11:19 | 000,034,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbios.sys
[2010/07/24 22:11:19 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wanarp.sys
[2010/07/24 22:11:18 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2010/07/24 22:11:18 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2010/07/24 22:11:18 | 000,152,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipnat.sys
[2010/07/24 22:11:18 | 000,063,696 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2010/07/24 22:11:17 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2010/07/24 22:11:17 | 000,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npfs.sys
[2010/07/24 22:11:17 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2010/07/24 22:11:17 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2010/07/24 22:11:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.sys
[2010/07/24 22:11:17 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfs.sys
[2010/07/24 22:11:17 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasacd.sys
[2010/07/24 22:11:17 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fs_rec.sys
[2010/07/24 22:11:17 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys
[2010/07/24 22:11:17 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcdd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.sys
[2010/07/24 22:11:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2010/07/24 22:11:17 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\null.sys
[2010/07/24 22:11:16 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/07/24 22:11:16 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2010/07/24 22:11:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/07/24 22:11:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2010/07/24 22:11:16 | 000,059,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbhub.sys
[2010/07/24 22:11:16 | 000,040,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/07/24 22:11:15 | 004,745,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\rtkhdaud.sys
[2010/07/24 22:11:15 | 000,384,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2010/07/24 22:11:15 | 000,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpdr.sys
[2010/07/24 22:11:15 | 000,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2010/07/24 22:11:15 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouclass.sys
[2010/07/24 22:11:15 | 000,017,792 | ---- | C] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ptilink.sys
[2010/07/24 22:11:15 | 000,016,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspti.sys
[2010/07/24 22:11:15 | 000,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssmbios.sys
[2010/07/24 22:11:15 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swenum.sys
[2010/07/24 22:11:14 | 000,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndiswan.sys
[2010/07/24 22:11:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psched.sys
[2010/07/24 22:11:14 | 000,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasl2tp.sys
[2010/07/24 22:11:14 | 000,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspptp.sys
[2010/07/24 22:11:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raspppoe.sys
[2010/07/24 22:11:14 | 000,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgpc.sys
[2010/07/24 22:11:14 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2010/07/24 22:11:14 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdi.sys
[2010/07/24 22:11:14 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2010/07/24 22:11:13 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/07/24 22:11:13 | 000,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\parport.sys
[2010/07/24 22:11:13 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2010/07/24 22:11:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdclass.sys
[2010/07/24 22:11:13 | 000,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serenum.sys
[2010/07/24 22:11:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\audstub.sys
[2010/07/24 22:11:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010/07/24 22:11:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2010/07/24 22:11:12 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/07/24 22:11:12 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2010/07/24 22:11:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2010/07/24 22:11:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2010/07/24 22:11:12 | 000,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fdc.sys
[2010/07/24 22:11:12 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2010/07/24 22:11:11 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2010/07/24 22:11:11 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\videoprt.sys
[2010/07/24 22:11:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/07/24 22:11:11 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2010/07/24 22:11:11 | 000,042,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi.sys
[2010/07/24 22:11:10 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/24 22:11:10 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/24 22:11:10 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2010/07/24 22:11:10 | 000,342,128 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/07/24 22:11:10 | 000,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/07/24 22:11:10 | 000,105,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2010/07/24 22:11:10 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/07/24 22:11:10 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2010/07/24 22:11:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2010/07/24 22:11:09 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/07/24 22:11:09 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2010/07/24 22:11:09 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiport.sys
[2010/07/24 22:11:09 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2010/07/24 22:11:09 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\lbd.sys
[2010/07/24 22:11:09 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2010/07/24 22:11:09 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\classpnp.sys
[2010/07/24 22:11:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\disk.sys
[2010/07/24 22:11:08 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/07/24 22:11:08 | 000,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\volsnap.sys
[2010/07/24 22:11:08 | 000,052,224 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viprt.sys
[2010/07/24 22:11:08 | 000,019,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2010/07/24 22:11:07 | 000,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dllcache\dmio.sys
[2010/07/24 22:11:07 | 000,125,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftdisk.sys
[2010/07/24 22:11:07 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mountmgr.sys
[2010/07/24 22:11:07 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010/07/24 22:11:07 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2010/07/24 22:11:07 | 000,016,896 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vibus.sys
[2010/07/24 22:11:07 | 000,009,216 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\videx32.sys
[2010/07/24 22:11:07 | 000,005,888 | ---- | C] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\dllcache\dmload.sys
[2010/07/24 22:11:07 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2010/07/24 22:11:06 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2010/07/24 22:11:06 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2010/07/24 22:11:06 | 000,037,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2010/07/24 22:11:06 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys
[2010/07/24 22:11:06 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmilib.sys
[2010/07/24 22:11:06 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2010/07/24 22:07:34 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/07/22 12:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/22 12:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Office Genuine Advantage
[2010/07/21 16:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\usnqicivy
[2010/07/20 21:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/20 21:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/20 20:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/20 20:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/20 20:40:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/20 20:35:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/07/20 20:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/20 20:22:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/19 13:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/13 18:06:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/07/13 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/13 01:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/13 01:34:26 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/07/13 01:34:01 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/07/13 00:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/07/13 00:36:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/13 00:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/13 00:36:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/13 00:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 00:34:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\zztoy.exe.exe
[2010/07/12 17:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/07/12 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/12 17:22:10 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/12 17:22:02 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/07/12 17:22:02 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/07/12 17:22:01 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/07/12 17:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/12 17:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/07/12 12:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gegl-0.0
[2010/07/12 11:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/11 15:15:38 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/11 15:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/07/11 14:28:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/11 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/10 22:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/10 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/10 18:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/10 18:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/10 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/07/10 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/09 16:24:26 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/07/09 16:24:18 | 000,277,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/07/09 16:24:18 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/07/09 16:24:16 | 013,923,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/07/09 16:24:16 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/07/08 23:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HijackThis
[2010/07/08 21:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/08 21:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/08 17:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/08 17:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 16:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/07/08 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Thunderbird
[2010/07/08 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Thunderbird
[2010/07/08 16:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 16:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/08 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\mnerhjcla
[2010/06/28 19:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\excersizes

========== Files - Modified Within 30 Days ==========

[2010/07/28 07:59:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-839522115-1003UA.job
[2010/07/28 07:23:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/28 07:21:42 | 000,013,812 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 07:20:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/28 07:20:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 07:20:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 07:19:56 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/27 23:59:15 | 003,179,760 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/27 23:06:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/27 22:59:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-839522115-1003Core1cac6a381fec2ea.job
[2010/07/27 21:17:45 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/27 21:17:02 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/27 21:15:45 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/27 20:09:04 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 10:59:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/07/26 22:00:19 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/26 22:00:18 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/07/26 01:01:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 00:22:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copy of Diablo II - Lord of Destruction.lnk
[2010/07/24 22:56:00 | 000,005,799 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2010/07/24 22:49:25 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/07/24 22:49:25 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2010/07/24 22:44:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/24 22:37:31 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/24 22:37:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/24 22:37:26 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/24 22:33:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 22:33:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 22:06:59 | 001,108,900 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(2).zip
[2010/07/23 00:16:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Thank you letter.doc
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/07/22 14:07:17 | 000,005,932 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\004 interview questions.rtf
[2010/07/20 21:51:11 | 000,574,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/20 21:51:11 | 000,479,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/20 21:51:11 | 000,085,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/20 21:49:28 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/20 21:45:02 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 21:25:11 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/20 21:19:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/20 21:18:01 | 000,037,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/20 21:17:06 | 002,162,612 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/20 20:40:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/18 18:58:51 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Frozen Throne.lnk
[2010/07/16 10:42:51 | 000,163,851 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/14 03:01:04 | 000,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/13 01:42:01 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\instructions.rtf
[2010/07/13 01:36:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 01:34:38 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/07/13 01:33:57 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2010/07/13 00:36:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 00:32:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\zztoy.exe.exe
[2010/07/12 21:57:27 | 000,008,113 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/07/12 20:36:38 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cognitive Games Survey.doc
[2010/07/12 17:23:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/12 16:51:29 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/12 11:59:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 11:59:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/12 11:33:56 | 000,000,360 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/07/11 15:15:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/11 14:28:26 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/11 14:28:25 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/10 20:46:26 | 000,001,027 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/09 17:38:00 | 013,549,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/09 17:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/09 17:38:00 | 010,260,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/07/09 17:38:00 | 006,343,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/07/09 17:38:00 | 006,343,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/07/09 17:38:00 | 004,595,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/07/09 17:38:00 | 002,914,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/07/09 17:38:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/07/09 17:38:00 | 002,195,030 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/09 17:38:00 | 001,388,544 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/07/09 17:38:00 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/07/09 17:38:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/07/09 17:38:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/07/09 17:38:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/07/09 17:38:00 | 000,025,836 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/09 17:38:00 | 000,007,959 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/09 16:24:26 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/07/09 16:24:18 | 000,277,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/07/09 16:24:18 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/07/09 16:24:16 | 013,923,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/07/09 16:24:16 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/07/08 22:02:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/07 13:46:46 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/07/07 00:03:54 | 000,006,521 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Yodle interview questions.rtf
[2010/07/06 23:19:05 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\yodle thank you letter.doc
[2010/07/06 12:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\lbd.sys
[2010/07/06 12:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/06 00:17:12 | 000,006,044 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Document3.rtf
[2010/06/28 19:39:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\triangle.c

========== Files Created - No Company Name ==========

[2010/07/27 21:17:45 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/27 21:17:02 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/27 21:15:45 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/25 00:21:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copy of Diablo II - Lord of Destruction.lnk
[2010/07/24 22:49:25 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2010/07/24 22:49:21 | 000,005,799 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2010/07/24 22:33:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/24 22:06:57 | 001,108,900 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller(2).zip
[2010/07/23 00:16:59 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Thank you letter.doc
[2010/07/22 12:39:10 | 000,005,932 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\004 interview questions.rtf
[2010/07/20 21:49:25 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/20 21:25:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/07/20 21:25:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/20 21:19:32 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_disable.log
[2010/07/20 21:19:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/20 20:22:57 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/16 10:42:29 | 000,163,851 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/13 01:42:01 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\instructions.rtf
[2010/07/13 01:36:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/13 00:36:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 21:57:27 | 000,008,113 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/07/12 20:36:37 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cognitive Games Survey.doc
[2010/07/12 17:23:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/12 17:23:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/12 17:23:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/12 17:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/07/12 17:22:10 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/12 17:21:59 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/11 20:48:31 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/11 15:24:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/11 14:28:26 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/11 14:28:25 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/10 22:23:43 | 000,000,360 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/07/10 22:06:01 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/08 18:15:12 | 000,001,027 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/08 17:18:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/06 23:19:05 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\yodle thank you letter.doc
[2010/07/06 00:25:29 | 000,006,521 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Yodle interview questions.rtf
[2010/07/01 00:09:15 | 000,006,044 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Document3.rtf
[2010/06/28 19:39:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\triangle.c
[2010/04/27 22:50:21 | 000,000,030 | ---- | C] () -- C:\WINDOWS\QQPlayer.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/01/24 00:36:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/30 00:21:00 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/09/09 10:45:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/09 10:45:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/18 05:49:04 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/18 05:49:04 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/18 05:49:04 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/17 12:33:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/31 18:44:04 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/31 18:44:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/20 19:58:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/12/07 00:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
< End of report >


#7 myrti

Posted 28 July 2010 - 09:37 AM

Hi,

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#8 sschoen2

Posted 28 July 2010 - 11:55 AM

I haven't received many redirects recently, but my computer doesn't seem to be performing as well as it did before the viruses.

The redirects receded before, and then came back with a vengeance. I'll have to wait and see how things turn out.

#9 myrti

Posted 28 July 2010 - 12:53 PM

Hi,

Have the redirects diminished or are they gone?
Please run a scan with GMER then:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#10 sschoen2

Posted 28 July 2010 - 08:29 PM

QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 20:26:56
Windows 5.1.2600 Service Pack 3
Running: 3w6isvvf.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB811887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8118BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB459A620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB7DA523A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB7DA5090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB7DA50A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7DA510C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7DA5138]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB7DA51A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB7DA5190]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB7DA51BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7DA527A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB7DA51E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7DA50E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7DA5054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7DA5068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB7DA524E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB7DA5224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB7DA517A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB7DA5164]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7DA5122]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB7DA5210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB7DA51FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB7DA50CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB7DA50BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7DA52A9]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB7DA51D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7DA5290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7DA5264]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B7DA5268 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B7DA523E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP B7DA527E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP B7DA5294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP B7DA5252 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP B7DA5058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP B7DA506C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP B7DA50BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B7DA50A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP B7DA5094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP B7DA50D2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP B7DA52AD mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP B7DA5168 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 7 Bytes JMP B7DA51D6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP B7DA517E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP B7DA5126 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP B7DA5110 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 3 Bytes JMP B7DA513C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey + 4 80623E38 3 Bytes [37, 90, 90] {AAA ; NOP ; NOP }
PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP B7DA51AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP B7DA5194 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP B7DA50E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP B7DA5228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP B7DA5200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 806255F8 7 Bytes JMP B7DA51C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP B7DA5214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP B7DA51EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6EE73A0, 0x59FFE5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A90F8D
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A90F9E
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A90FB9
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A90FCA
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A9005B
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A900AE
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A90F72
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A900F5
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A900DA
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A90106
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A90076
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A9001B
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A9009D
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A90FE5
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A900BF
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FC3
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F72
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660014
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FDE
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660F83
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [86, 88]
.text C:\WINDOWS\system32\svchost.exe[200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650F9A
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FBC
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FAB
.text C:\WINDOWS\system32\svchost.exe[200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[200] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[200] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[200] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00640FB7
.text C:\WINDOWS\system32\svchost.exe[200] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01410FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01410040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01410F4B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01410F66
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01410F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0141001E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0141006E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01410F26
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014100A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01410F0B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01410EE6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0141002F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01410FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01410051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01410FA8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01410FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0141007F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01400FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01400F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01400FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0140000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01400036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01400FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01400F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [60, 89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01400025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 013F0058
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!system 77C293C7 5 Bytes JMP 013F003D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 013F0FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 013F0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 013F0022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 013F0FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013E0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA0F70
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0F81
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0065
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0054
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F42
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA0F53
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA0EFB
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F0C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA0EE0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA0080
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA0FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F31
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E90FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90043
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E9001E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90F86
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E90FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E90FA1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [09, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E80031
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E80FA6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E80016
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E80FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E80FC1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E80FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01110000
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01110093
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01110F9E
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0111006C
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01110051
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01110036
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011100C9
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011100AE
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01110F41
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011100DA
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011100F5
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01110FAF
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01110FE5
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01110F83
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01110FCA
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01110011
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01110F66
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01100FE5
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01100FB6
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0110002C
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0110001B
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01100073
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01100000
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01100062
.text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01100051
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010F0069
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 010F0058
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010F0033
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010F0000
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010F0FDE
.text C:\WINDOWS\system32\services.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010F0FEF
.text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA00AE
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0091
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0051
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA00F5
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA00DA
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F88
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0121
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0F77
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA00C9
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA002C
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0110
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FC0
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90058
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FDB
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90011
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90047
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90FA5
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C9002C
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80F92
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FAD
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8001D
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C8000C
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FC8
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\lsass.exe[856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B7008C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B70F8D
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B70F9E
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B70FAF
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B70047
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B700BA
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B70F72
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B70F50
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B700E9
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B70F35
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B70FC0
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B7009D
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B70036
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B70025
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B70F61
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B6001B
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B60051
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B60FCA
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B60F94
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B60036
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B60FAF
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50FAD
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50FC8
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B5001D
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B5002E
.text C:\WINDOWS\system32\svchost.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B50FE3
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30000
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30F5E
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30F79
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30051
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30F94
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30FB9
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D30F3C
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D30078
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F10
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D30F21
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30EFF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30040
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30F4D
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D30025
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D30FCA
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D3009F
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D2005B
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D20F94
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D20FAF
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 88]
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D10F78
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10F89
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10FAB
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10FE3
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D10F9A
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10FC6
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A00FEF
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01A00076
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01A00051
.text C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01A00040

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[588] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00405941] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#11 myrti


Posted 29 July 2010 - 01:07 AM

Hi,

can you please answer this question:

QUOTE
have the redirects diminished or are they gone?


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#12 sschoen2


Posted 29 July 2010 - 04:35 PM

Haven't seen another one yet

#13 myrti


Posted 29 July 2010 - 05:09 PM

Hi,

please run a scan with Eset to check for possible leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#14 sschoen2


Posted 31 July 2010 - 05:19 PM

QUOTE
C:\Documents and Settings\Owner\Local Settings\Temp\33132bc6.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MPGLONO3\update[1].exe a variant of Win32/Kryptik.FQU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\Queen's blade full pack.rar Win32/Kryptik.FAV.Gen trojan deleted - quarantined


#15 myrti


Posted 01 August 2010 - 02:10 AM

Hi,

please let me know how the PC is doing.

The scan from Eset deleted a couple of leftovers from the temporary folders.

I would like to empty those to delete potentially present files in there:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please also update your java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

As well as update your Adobe Reader:

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version 9.3. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

regards myrti
