
Malware infected Need Help!


  • This topic is locked
22 replies to this topic

#1 jiggaz

Posted 31 July 2010 - 08:14 PM

Hello,
I need help. This malware is taking over my computer. I have McAfee installed, which was rendered useless. This malware hijacked my browser, disabled Windows Update, disabled sound, and otherwise ruined my internet experience. I installed and ran Malwarebytes' Anti-Malware, SuperAntiSpyware, and Dr. Web CureIt, which seemed to remove most of the malware. McAfee was able to run again and scan for additional viruses. My internet connection was still a little shaky but running. Now the malware is popping back up and my browser is getting redirected and won't load the Google page at all. Any help would be appreciated. Thanks.

Malware Log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

7/25/2010 4:19:35 PM
mbam-log-2010-07-25 (16-19-35).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 389078
Time elapsed: 3 hour(s), 33 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 15
Files Infected: 78

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\asesacevezuyoca.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcusajelehefonu (Trojan.Hiloti) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rrehoname (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gljbqtbs (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tjfrxvbw (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dvqoxwte (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vpopnptm (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Security Master AV (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Start Menu\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yowetupe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\asesacevezuyoca.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\neclpag.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\50003ec\SM5000_302.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Local Settings\Temp\q1.dll (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temp\nmuv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\30S8Y8G7\uiptnmgovj[1].htm (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\JTAN9HZ7\ggbrzx[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\L57CMZR9\gxbjd[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP398\A0146405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP398\A0146410.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0147405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0147406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0147407.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0147413.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0148405.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0148406.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0148412.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0149405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0149410.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0150405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP399\A0150411.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0151405.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0150417.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0151406.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0151411.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0152405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP400\A0152411.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154406.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0153405.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0153412.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154405.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154412.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154419.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154422.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154423.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154429.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154432.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154433.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154439.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154445.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP401\A0154451.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0157444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0155444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0155445.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0156449.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0157445.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP402\A0157452.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158445.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158451.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158456.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158457.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158465.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158466.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158467.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158468.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158469.dll (Adware.Adshot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158471.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158488.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158505.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP403\A0158506.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\GM1gMYWSK.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\42.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\LqGi.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\packupdate107_302[1].exe (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mrxru.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Security Master AV\Instructions.ini (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Everyone Else\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Start Menu\A360\Registration.lnk (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\t.id (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Desktop\Security Master AV.LNK (Rogue.SecurityMasterAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\n.exn (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shane\Local Settings\Temp\n.exn (Trojan.Dropper) -> Quarantined and deleted successfully.

And after:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372

7/25/2010 10:28:10 PM
mbam-log-2010-07-25 (22-28-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 367054
Time elapsed: 3 hour(s), 6 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michelle at 20:23:03.23 on Sat 07/31/2010
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1388 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michelle\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.72.0\MySpaceToolbar.dll
BHO: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - ALOT Toolbar
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {da7c2cb8-0786-43af-8932-131ab6d237ba}: {ab732d6b-a131-2398-fa34-68708bc2c7ad}
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CescrtHlpr Object: {f9b72325-a029-4a39-943a-02433c978829} - c:\program files\esnips.com\esnipstoolbar\1.3.0.3\escort.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\michelle\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [gljbqtbs] c:\documents and settings\networkservice\local settings\application data\thmbnatge\amqhiuktssd.exe
dRun: [tjfrxvbw] c:\documents and settings\networkservice\local settings\application data\xyqfuubdc\egvwddbtssd.exe
dRun: [dvqoxwte] c:\documents and settings\networkservice\local settings\application data\jctpekqsv\baifddwtssd.exe
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280548309046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli c:\windows\system32\bululepu.dll
IFEO: image file execution options - svchost.exe
Hosts: 91.206.201.8 osawarepro.microsoft.com
Hosts: 91.206.201.8 osawarepro.com
Hosts: 91.206.201.8 www.osawarepro.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michelle\applic~1\mozilla\firefox\profiles\5spapcu5.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\myspace\toolbar\1.0.72.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\michelle\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {F9DCDC46-06F8-4B79-9D59-41D14EB5FA92} - c:\windows\system32\config\systemprofile\local settings\application data\{f9dcdc46-06f8-4b79-9d59-41d14eb5fa92}\
FF - HiddenExtension: XULRunner: {C89F5F1A-DD35-4B5F-801A-A78DA4832937} - c:\documents and settings\shane\local settings\application data\{c89f5f1a-dd35-4b5f-801a-a78da4832937}\
FF - HiddenExtension: XULRunner: {5D7332CC-D14C-4A11-993E-E6987FDC6A7A} - c:\documents and settings\michelle\local settings\application data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 214664]
R1 SASDIFSV;SASDIFSV;c:\docume~1\michelle\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\michelle\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-12 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-12 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-12 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-25 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-12 40552]
S0 pgmilega;pgmilega;c:\windows\system32\drivers\pgmilega.sys [2010-7-21 767488]
S2 FdRedir;FdRedir;\??\c:\program files\common files\protector suite ql\drivers\fdredir.sys --> c:\program files\common files\protector suite ql\drivers\FdRedir.sys [?]
S2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\common files\protector suite ql\drivers\filedisk.sys --> c:\program files\common files\protector suite ql\drivers\filedisk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S2 smihlp;SMI helper driver;\??\c:\program files\protector suite ql\smihlp.sys --> c:\program files\protector suite ql\smihlp.sys [?]
S2 svchost32;Windows Service Manager;c:\windows\system32\directx\svchost.exe /service --> c:\windows\system32\directx\svchost.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-12 34248]

=============== Created Last 30 ================

2010-08-01 00:30:49 0 d-----w- c:\program files\Cobian Backup 10
2010-07-30 04:29:13 0 d-----w- c:\program files\AnVi
2010-07-30 03:47:22 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-30 03:47:17 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-30 03:47:06 0 d-----w- c:\program files\common files\Pure Networks Shared
2010-07-30 03:46:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2010-07-27 09:09:43 0 d-----w- c:\docume~1\michelle\applic~1\ElevatedDiagnostics
2010-07-27 03:21:33 142 ----a-w- c:\docume~1\michelle\applic~1\wklnhst.dat
2010-07-26 20:20:06 0 d-----w- c:\documents and settings\michelle\DoctorWeb
2010-07-26 01:49:38 0 d-s---w- C:\ComboFix
2010-07-26 01:44:12 98816 ----a-w- c:\windows\sed.exe
2010-07-26 01:44:12 77312 ----a-w- c:\windows\MBR.exe
2010-07-26 01:44:12 256512 ----a-w- c:\windows\PEV.exe
2010-07-26 01:44:12 161792 ----a-w- c:\windows\SWREG.exe
2010-07-25 18:43:32 0 d-----w- c:\docume~1\michelle\applic~1\Malwarebytes
2010-07-25 18:43:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 18:43:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-25 18:43:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 18:43:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 17:35:32 0 d-----w- C:\xp_txt_fix
2010-07-25 17:35:22 0 d-----w- C:\xp_regfile
2010-07-25 17:35:11 0 d-----w- C:\xp_mpg_fix_reg
2010-07-25 17:34:56 0 d-----w- C:\xp_ico_file_assoc_fix
2010-07-25 17:34:45 0 d-----w- C:\xp_giffile_fix
2010-07-25 17:34:34 0 d-----w- C:\xp_drive_association_fix
2010-07-25 17:34:22 0 d-----w- C:\xp_com_fix
2010-07-25 17:34:08 0 d-----w- C:\scf_assoc_fix
2010-07-25 17:33:57 0 d-----w- C:\ie_desktop_icon
2010-07-25 17:33:38 0 d-----w- C:\xp_vbs_file_association
2010-07-25 17:33:27 0 d-----w- C:\xp_tiff_fix
2010-07-25 17:33:09 0 d-----w- C:\xp_mspfix
2010-07-25 17:32:44 0 d-----w- C:\xp_jpg_jpe_jpeg_file_assoc_fix
2010-07-25 17:32:28 0 d-----w- C:\xp_hta_fix
2010-07-25 17:32:13 0 d-----w- C:\xp_exe_fix
2010-07-25 17:31:59 0 d-----w- C:\xp_directory_reg
2010-07-25 17:31:45 0 d-----w- C:\xp_chm_fix
2010-07-25 17:31:25 0 d-----w- C:\msi_assoc
2010-07-25 17:31:09 0 d-----w- C:\html_association_fix
2010-07-25 17:30:40 0 d-----w- C:\batch_file_assoc
2010-07-25 17:28:25 0 d-----w- C:\xp_url_shortcut_fix
2010-07-25 17:28:09 0 d-----w- C:\xp_scr_fix
2010-07-25 17:27:42 0 d-----w- C:\xp_mscfix
2010-07-25 17:26:58 0 d-----w- C:\xp_inf_assoc
2010-07-25 17:25:52 0 d-----w- C:\xp_hlp_file_fix
2010-07-25 17:25:15 0 d-----w- C:\xp_eml_file_assoc
2010-07-25 17:23:19 0 d-----w- C:\xp_cpl_file_assoc
2010-07-25 17:23:01 0 d-----w- C:\xp_cabfile
2010-07-25 17:22:43 0 d-----w- C:\linkfile_fix
2010-07-25 17:22:12 0 d-----w- C:\folder_reg
2010-07-24 21:39:58 0 d-----w- c:\docume~1\michelle\applic~1\SUPERAntiSpyware.com
2010-07-24 21:39:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-24 06:32:49 120 ----a-w- c:\windows\Bpuxowetohekafo.dat
2010-07-24 06:32:49 0 ----a-w- c:\windows\Btucoxagijoba.bin
2010-07-21 21:48:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-21 21:48:41 767488 ----a-w- c:\windows\system32\drivers\pgmilega.sys
2010-07-21 21:20:02 78 ----a-w- C:\cb.dll
2010-07-21 21:19:14 1669 ----a-w- C:\Security Master AV.lnk
2010-07-21 21:19:02 0 d-----w- c:\docume~1\alluse~1\applic~1\cb302
2010-07-21 21:08:31 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SMKKXNAV
2010-07-21 21:07:31 0 d-sh--w- c:\documents and settings\all users\50003ec
2010-07-17 15:56:13 0 d-----w- c:\program files\FOnline
2010-07-17 15:35:51 0 d-----w- c:\program files\GOG.com
2010-07-16 05:56:42 0 d-----w- C:\spoolerlogs
2010-07-15 22:16:45 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-15 22:16:45 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-07-15 22:16:45 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-07-15 22:16:45 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-07-15 22:16:44 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-07-15 22:16:44 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-07-15 22:15:54 150 ----a-w- C:\zrpt.xml

==================== Find3M ====================

2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-01-06 21:51:28 673109 --sha-w- c:\windows\system32\bdMWayay.ini2
2009-01-03 05:12:59 675512 --sha-w- c:\windows\system32\edgiPXbc.ini2
2009-01-05 23:06:03 672323 --sha-w- c:\windows\system32\JQqpXGgh.ini2
2008-11-13 23:52:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081103\index.dat
2008-11-13 23:52:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111320081114\index.dat
2009-12-31 00:51:14 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-12-31 00:51:14 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-12-31 00:51:14 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:25:14.82 ===============

GMER will run for a minute and then will shut down the computer with a Blue Screen HARD DISK Error 00001244. Unable to get a log.
Attch.txt attached.

Merged 3 posts. ~ OB

Edited by Orange Blossom, 02 August 2010 - 10:08 PM.



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:24 AM

Posted 09 August 2010 - 10:41 AM

Hello jiggaz, my name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying, we are very busy at the moment.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


Please follow these instructions to disable any CD Emulation programs using DeFogger.

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log

  • Select Run when you receive a Security Warning
  • The process is automatic: a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • mbr.log
  • OTL.txt
  • Extra.txt

Thanks

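The MBR and OTL reports requested above come back as long lists of SRV/DRV/IE lines, like the DDS output earlier in the thread, and the helper reads them for a handful of tell-tale entries. The Python script below is an added example, not code from the thread, OTL or DDS: it parses those line formats and flags the indicators a helper checks first, on sample lines constructed in the same formats and modelled on this thread's reports.

```python
"""Triage helper for the OTL / DDS report line formats seen in this thread.

Added example, not code from the thread, OTL or DDS. It parses the service,
driver, Internet Explorer and "Created Last 30" lines those tools print and
flags what a malware helper looks for first: a missing service file whose name
imitates a Windows binary outside its normal directory, a boot-start driver
with no publisher, an IE ProxyServer aimed at a loopback port, and hidden
system directories created under Application Data.
"""
import re
from dataclasses import dataclass
from typing import List

# OTL service/driver whose file exists, e.g.
# DRV - [2010/07/27 03:34:33 | 000,767,488 | ---- | M] () [Kernel | Boot | Stopped] -- C:\x.sys -- (name)
OTL_FOUND = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
# OTL service/driver still registered but whose file is gone, e.g.
# SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\DirectX\svchost.exe -- (svchost32)
OTL_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
# OTL Internet Explorer proxy setting, e.g.
# IE - HKU\S-1-5-18\Software\...\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
IE_PROXY = re.compile(r'^IE - (?P<key>.+?): "ProxyServer" = (?P<value>\S+)')
# DDS "Created Last 30" entry: date time size attributes path
DDS_CREATED = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$")

# Windows binaries whose names malware borrows, and where the real ones live.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
CANONICAL_DIRS = {r"c:\windows\system32", r"c:\windows"}
LOOPBACK = ("127.0.0.1", "localhost")


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str      # short rule id
    detail: str    # evidence taken from the report line


def split_path(path: str):
    """Return (directory, basename) of a Windows path, both lower-cased."""
    directory, _, basename = path.replace("/", "\\").rpartition("\\")
    return directory.lower(), basename.lower()


def triage(report: str) -> List[Finding]:
    """Walk the report line by line and return suspicious entries in report order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = OTL_MISSING.match(line)
        if m:
            directory, base = split_path(m["path"])
            if base in SYSTEM_BINARIES and directory not in CANONICAL_DIRS:
                findings.append(Finding("high", "masquerade",
                                        f"{m['name']}: {base} registered from {m['path']}"))
            elif "Auto" in m["flags"] or "Boot" in m["flags"]:
                # Auto-start entry pointing nowhere: needs cleanup, not proof of infection.
                findings.append(Finding("medium", "missing-autostart", f"{m['name']}: {m['path']}"))
            continue
        m = OTL_FOUND.match(line)
        if m:
            if not m["company"].strip() and "Boot" in m["flags"]:
                findings.append(Finding("high", "unnamed-boot-driver",
                                        f"{m['name']}: {m['path']} ({m['size']} bytes, {m['date']})"))
            continue
        m = IE_PROXY.match(line)
        if m:
            # Flagged even when ProxyEnable is 0: a hijacker can switch that bit back on.
            if any(host in m["value"] for host in LOOPBACK):
                findings.append(Finding("high", "loopback-proxy", f"{m['key']} -> {m['value']}"))
            continue
        m = DDS_CREATED.match(line)
        if m and m["attrs"][0] == "d" and "s" in m["attrs"] and "h" in m["attrs"]:
            findings.append(Finding("medium", "hidden-system-dir", m["path"]))
    return findings


# Constructed sample in the OTL and DDS formats, modelled on the reports in this thread.
SAMPLE_REPORT = r"""
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\DirectX\svchost.exe -- (svchost32)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/27 03:34:33 | 000,767,488 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\pgmilega.sys -- (pgmilega)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
2010-07-21 21:08:31 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SMKKXNAV
2010-07-25 18:43:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.rule}: {f.detail}")
```

Legitimate leftovers (an uninstalled scanner's driver entry, a vendor-signed driver) pass through untouched, so the output is a short list for a human to confirm, not a verdict.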


#3 jiggaz

jiggaz
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 09 August 2010 - 04:50 PM

Thanks Syler,
Here are the logs. Waiting for more instructions.


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !


OTL logfile created on: 8/9/2010 2:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 18.23 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.75 Gb Total Space | 3.74 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Drive F: | 952.19 Mb Total Space | 608.64 Mb Free Space | 63.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUESHEALER
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2010/06/16 15:07:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/20 16:31:16 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2005/12/16 17:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/03 15:26:22 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\DirectX\svchost.exe -- (svchost32)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 09:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - File not found [File_System | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/27 03:34:33 | 000,767,488 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\pgmilega.sys -- (pgmilega)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/09 01:38:47 | 000,006,784 | ---- | M] (SoftCamp Co., Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsk4.sys -- (scsk4)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIMMP)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/02 17:02:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/17 17:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 15:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/21 22:37:32 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/16 17:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 11:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 19:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 22:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/05 15:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}:1.0
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {C89F5F1A-DD35-4B5F-801A-A78DA4832937}:1.9.1
FF - prefs.js..extensions.enabledItems: {5D7332CC-D14C-4A11-993E-E6987FDC6A7A}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}\ [2009/01/07 13:08:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/05/28 04:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 14:02:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 14:37:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}: C:\Documents and Settings\Shane\Local Settings\Application Data\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}\ [2010/07/23 23:32:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}: C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A} [2010/07/24 14:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 19:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 19:08:20 | 000,000,000 | ---D | M]

[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\5spapcu5.default\extensions
[2010/07/25 19:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/21 14:19:40 | 000,001,929 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 osawarepro.microsoft.com
O1 - Hosts: 91.206.201.8 osawarepro.com
O1 - Hosts: 91.206.201.8 www.osawarepro.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 securesoftwarebill.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.230.163.203 www.google.com
O1 - Hosts: 67.230.163.203 google.com
O1 - Hosts: 67.230.163.203 google.com.au
O1 - Hosts: 67.230.163.203 www.google.com.au
O1 - Hosts: 67.230.163.203 google.be
O1 - Hosts: 67.230.163.203 google.com.br
O1 - Hosts: 67.230.163.203 www.google.com.br
O1 - Hosts: 67.230.163.203 google.ca
O1 - Hosts: 67.230.163.203 www.google.ca
O1 - Hosts: 36 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {da7c2cb8-0786-43af-8932-131ab6d237ba} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {F9B72325-A029-4a39-943A-02433C978829} - C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3\escort.dll (esnips)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [dvqoxwte] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv\baifddwtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [gljbqtbs] C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge\amqhiuktssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\.DEFAULT..\Run: [tjfrxvbw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc\egvwddbtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [dvqoxwte] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv\baifddwtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [gljbqtbs] C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge\amqhiuktssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [tjfrxvbw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc\egvwddbtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
O4 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1280548309046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23 1.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 14:28:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 14:27:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/02 19:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/08/02 19:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/01 12:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea
[2010/08/01 12:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg
[2010/07/31 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\gmer
[2010/07/31 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder (2)
[2010/07/31 17:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder
[2010/07/31 17:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Safe mirror
[2010/07/31 17:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/29 21:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\AnVi
[2010/07/29 20:47:22 | 000,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/07/29 20:47:17 | 000,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/07/29 20:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/07/29 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/07/27 02:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ElevatedDiagnostics
[2010/07/27 02:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/26 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Template
[2010/07/26 13:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\DoctorWeb
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Mozilla
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Mozilla
[2010/07/25 18:49:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/25 18:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 18:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 18:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 18:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 18:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 18:40:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Steele
[2010/07/25 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/07/25 11:43:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 11:43:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 10:35:32 | 000,000,000 | ---D | C] -- C:\xp_txt_fix
[2010/07/25 10:35:22 | 000,000,000 | ---D | C] -- C:\xp_regfile
[2010/07/25 10:35:11 | 000,000,000 | ---D | C] -- C:\xp_mpg_fix_reg
[2010/07/25 10:34:56 | 000,000,000 | ---D | C] -- C:\xp_ico_file_assoc_fix
[2010/07/25 10:34:45 | 000,000,000 | ---D | C] -- C:\xp_giffile_fix
[2010/07/25 10:34:34 | 000,000,000 | ---D | C] -- C:\xp_drive_association_fix
[2010/07/25 10:34:22 | 000,000,000 | ---D | C] -- C:\xp_com_fix
[2010/07/25 10:34:08 | 000,000,000 | ---D | C] -- C:\scf_assoc_fix
[2010/07/25 10:33:57 | 000,000,000 | ---D | C] -- C:\ie_desktop_icon
[2010/07/25 10:33:38 | 000,000,000 | ---D | C] -- C:\xp_vbs_file_association
[2010/07/25 10:33:27 | 000,000,000 | ---D | C] -- C:\xp_tiff_fix
[2010/07/25 10:33:09 | 000,000,000 | ---D | C] -- C:\xp_mspfix
[2010/07/25 10:32:44 | 000,000,000 | ---D | C] -- C:\xp_jpg_jpe_jpeg_file_assoc_fix
[2010/07/25 10:32:28 | 000,000,000 | ---D | C] -- C:\xp_hta_fix
[2010/07/25 10:32:13 | 000,000,000 | ---D | C] -- C:\xp_exe_fix
[2010/07/25 10:31:59 | 000,000,000 | ---D | C] -- C:\xp_directory_reg
[2010/07/25 10:31:45 | 000,000,000 | ---D | C] -- C:\xp_chm_fix
[2010/07/25 10:31:25 | 000,000,000 | ---D | C] -- C:\msi_assoc
[2010/07/25 10:31:09 | 000,000,000 | ---D | C] -- C:\html_association_fix
[2010/07/25 10:30:40 | 000,000,000 | ---D | C] -- C:\batch_file_assoc
[2010/07/25 10:28:25 | 000,000,000 | ---D | C] -- C:\xp_url_shortcut_fix
[2010/07/25 10:28:09 | 000,000,000 | ---D | C] -- C:\xp_scr_fix
[2010/07/25 10:27:42 | 000,000,000 | ---D | C] -- C:\xp_mscfix
[2010/07/25 10:26:58 | 000,000,000 | ---D | C] -- C:\xp_inf_assoc
[2010/07/25 10:25:52 | 000,000,000 | ---D | C] -- C:\xp_hlp_file_fix
[2010/07/25 10:25:15 | 000,000,000 | ---D | C] -- C:\xp_eml_file_assoc
[2010/07/25 10:23:19 | 000,000,000 | ---D | C] -- C:\xp_cpl_file_assoc
[2010/07/25 10:23:01 | 000,000,000 | ---D | C] -- C:\xp_cabfile
[2010/07/25 10:22:43 | 000,000,000 | ---D | C] -- C:\linkfile_fix
[2010/07/25 10:22:12 | 000,000,000 | ---D | C] -- C:\folder_reg
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\SUPERAntiSpyware.com
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/24 14:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}
[2010/07/24 13:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\sstkhxyjh
[2010/07/21 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/21 14:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/21 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cb302
[2010/07/21 14:08:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMKKXNAV
[2010/07/21 14:07:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\50003ec
[2010/07/19 14:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/18 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/17 08:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\FOnline
[2010/07/17 08:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2010/07/17 00:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv
[2010/07/15 22:56:42 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/15 15:16:45 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/07/15 15:16:45 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/07/15 15:16:45 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/07/15 15:16:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/07/15 15:16:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/07/15 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc
[2010/07/15 15:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/11 15:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/11 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/11 02:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,001,744 | -H-- | M] () -- C:\WINDOWS\System32\gajuguva
[2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/09 14:26:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 14:24:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/09 14:16:34 | 000,015,937 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/09 14:14:25 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\3905fc60.job
[2010/08/09 14:14:25 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\130ec08b.job
[2010/08/09 14:14:25 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\da11c834.job
[2010/08/09 14:14:25 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\9cc9801c.job
[2010/08/09 14:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 14:13:51 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 13:48:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/08/08 14:46:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91FBC9A6-CF10-4765-A8E0-EDDF0FFB91E5}.job
[2010/08/05 15:19:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/03 12:27:24 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/08/03 12:27:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle\ntuser.ini
[2010/08/02 20:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/02 20:22:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/01 01:00:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/31 20:30:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 21:03:01 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/29 20:48:10 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/29 20:38:09 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Google Chrome.lnk
[2010/07/29 20:38:09 | 000,002,298 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 03:34:33 | 000,767,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\pgmilega.sys
[2010/07/27 02:06:18 | 000,471,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/27 02:06:18 | 000,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/27 02:06:18 | 000,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 00:24:29 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/27 00:24:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 00:24:29 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/07/27 00:11:16 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/26 20:22:03 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 17:54:48 | 004,316,622 | -H-- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\IconCache.db
[2010/07/25 19:08:25 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 16:37:19 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/25 11:43:25 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:42:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Btucoxagijoba.bin
[2010/07/25 11:40:58 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/23 23:32:49 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bpuxowetohekafo.dat
[2010/07/21 14:48:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/21 14:34:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/21 14:20:02 | 000,000,078 | ---- | M] () -- C:\cb.dll
[2010/07/21 14:19:40 | 000,001,929 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/21 14:19:14 | 000,001,669 | ---- | M] () -- C:\Security Master AV.lnk
[2010/07/17 08:38:44 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gilopeja
[2099/01/01 12:00:00 | 000,001,744 | -H-- | C] () -- C:\WINDOWS\System32\gajuguva
[2010/08/09 14:25:19 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\Michelle\mbr.log
[2010/08/09 14:24:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:22:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/07/31 20:30:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 12:24:31 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Michelle\reset.log
[2010/07/26 20:22:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 20:21:33 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/25 19:08:25 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 18:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 18:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 18:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 18:44:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 18:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/25 11:43:25 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/25 10:58:53 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/23 23:32:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bpuxowetohekafo.dat
[2010/07/23 23:32:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Btucoxagijoba.bin
[2010/07/21 14:48:50 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/07/21 14:48:41 | 000,767,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\pgmilega.sys
[2010/07/21 14:32:47 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\9cc9801c.job
[2010/07/21 14:20:02 | 000,000,078 | ---- | C] () -- C:\cb.dll
[2010/07/21 14:19:14 | 000,001,669 | ---- | C] () -- C:\Security Master AV.lnk
[2010/07/21 14:03:15 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\3905fc60.job
[2010/07/17 08:38:44 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk
[2010/07/16 15:18:41 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\130ec08b.job
[2010/07/15 22:55:59 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\tasks\da11c834.job
[2010/07/15 15:15:54 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2009/01/31 00:46:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/05 15:56:50 | 000,672,323 | -HS- | C] () -- C:\WINDOWS\System32\JQqpXGgh.ini2
[2009/01/05 15:56:50 | 000,672,323 | -HS- | C] () -- C:\WINDOWS\System32\JQqpXGgh.ini
[2009/01/02 22:09:47 | 000,675,512 | -HS- | C] () -- C:\WINDOWS\System32\edgiPXbc.ini2
[2009/01/02 22:09:46 | 000,676,455 | -HS- | C] () -- C:\WINDOWS\System32\edgiPXbc.ini
[2009/01/01 17:44:01 | 000,673,564 | -HS- | C] () -- C:\WINDOWS\System32\bdMWayay.ini
[2009/01/01 17:44:01 | 000,673,109 | -HS- | C] () -- C:\WINDOWS\System32\bdMWayay.ini2
[2008/11/05 10:31:33 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/03 12:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 16:54:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/02 16:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/02 16:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/02 16:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/02 16:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/02 16:48:13 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 16:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/02 16:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/02 16:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/02 16:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 16:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 16:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/02 15:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/02 14:35:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 14:23:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 11:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/02 11:40:08 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/03/02 11:40:07 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/03/02 11:40:07 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/03/02 11:40:07 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/03/02 11:40:07 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/01/26 11:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 12:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/01/15 02:01:22 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/01/15 02:01:16 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/02 06:18:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/02 06:18:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/03/02 06:18:00 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2008/12/13 19:13:28 | 000,437,168 | ---- | M] (Yahoo! Inc.) -- C:\msgr9us.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 8/9/2010 2:28:52 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 18.23 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.75 Gb Total Space | 3.74 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Drive F: | 952.19 Mb Total Space | 608.64 Mb Free Space | 63.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUESHEALER
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINDOWS\TEMP\wmsdk64_32.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINDOWS\TEMP\wmsdk64_32.exe File not found

[HKEY_USERS\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 File not found
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\regsvr32.exe" = C:\WINDOWS\system32\regsvr32.exe:*:Enabled:RegSvr32 -- (Microsoft Corporation)
"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\D-Link Media Server\MediaGUI.exe" = C:\Program Files\D-Link Media Server\MediaGUI.exe:*:Enabled:D-Link_MediaServerGUI -- (D-Link systems Inc.)
"C:\Program Files\D-Link Media Server\MediaServer.exe" = C:\Program Files\D-Link Media Server\MediaServer.exe:*:Enabled:D-Link_MediaServer -- ()
"C:\WINDOWS\system32\MediaServerDump\LiveUpdate\OLUpdate.exe" = C:\WINDOWS\system32\MediaServerDump\LiveUpdate\OLUpdate.exe:*:Enabled:Media Server LiveUpdate -- ()
"C:\Documents and Settings\Everyone Else\Application Data\MySpace\IM\bin\MySpaceIM.exe" = C:\Documents and Settings\Everyone Else\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Documents and Settings\All Users\50003ec\SM5000_302.exe" = C:\Documents and Settings\All Users\50003ec\SM5000_302.exe:*:Enabled:Security Master AV -- File not found
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6F30B34-BB11-49B0-942D-10EF20C4EB2B}" = Toshiba Hotkey Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
"CobBackup10" = Cobian Backup 10
"D-Link Media Server_is1" = D-Link Media Server 1.07
"eSnipsToolbar" = eSnips
"ESPNMotion" = ESPNMotion
"Fallout 2_is1" = Fallout 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee SecurityCenter
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"RegistryCleaner" = Registry Cleaner 2.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SSIII Solo Ultratus" = SSIII Solo Ultratus 1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WT004722" = Bejeweled 2 Deluxe
"WT004723" = Blasterball 2 Revolution
"WT004725" = SCRABBLE
"WT004829" = Polar Golfer
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Music Engine" = Yahoo! Music Jukebox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2010 2:18:36 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 2:23:06 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 3:18:36 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 3:23:06 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 4:18:36 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 4:23:06 PM | Computer Name = BLUESHEALER | Source = Google Update | ID = 20
Description =

Error - 8/9/2010 5:15:24 PM | Computer Name = BLUESHEALER | Source = Application Error | ID = 1000
Description = Faulting application nmapp.exe, version 4.5.7228.0, faulting module
ieframe.dll, version 8.0.6001.18372, fault address 0x0014edf1.

Error - 8/9/2010 5:22:18 PM | Computer Name = BLUESHEALER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4352 (0x1100) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\drivers\pgmilega.sys

by C:\Documents and Settings\Michelle\Desktop\Defogger.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/9/2010 5:30:42 PM | Computer Name = BLUESHEALER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3784 (0xec8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\drivers\pgmilega.sys

by C:\Documents and Settings\Michelle\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/9/2010 5:35:05 PM | Computer Name = BLUESHEALER | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1388 (0x56c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\drivers\pgmilega.sys

by C:\Documents and Settings\Michelle\Desktop\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 8/9/2010 5:34:24 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:34:31 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:34:38 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:34:45 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:34:52 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:34:58 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:35:05 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:35:12 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:35:19 PM | Computer Name = BLUESHEALER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/9/2010 5:35:19 PM | Computer Name = BLUESHEALER | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).


< End of report >

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 August 2010 - 12:06 PM

Hi jiggaz,

It looks like you have a right mess there, this is going to take some cleaning.

Can you tell me if the following thread is also yours, for the same machine?

http://www.bleepingcomputer.com/forums/t/337033/mucho-malware-and-spyware/


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\DirectX\svchost.exe -- (svchost32)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - File not found [File_System | Auto | Stopped] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2010/07/27 03:34:33 | 000,767,488 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\pgmilega.sys -- (pgmilega)
    IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    FF - prefs.js..extensions.enabledItems: {F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}:1.0
    FF - prefs.js..extensions.enabledItems: {C89F5F1A-DD35-4B5F-801A-A78DA4832937}:1.9.1
    FF - prefs.js..extensions.enabledItems: {5D7332CC-D14C-4A11-993E-E6987FDC6A7A}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}\ [2009/01/07 13:08:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}: C:\Documents and Settings\Shane\Local Settings\Application Data\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}\ [2010/07/23 23:32:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}: C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A} [2010/07/24 14:10:21 | 000,000,000 | ---D | M]
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No CLSID value found.
    O2 - BHO: (no name) - {da7c2cb8-0786-43af-8932-131ab6d237ba} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
    O4 - HKLM..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [dvqoxwte] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv\baifddwtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [gljbqtbs] C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge\amqhiuktssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [tjfrxvbw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc\egvwddbtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [dvqoxwte] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv\baifddwtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [gljbqtbs] C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge\amqhiuktssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [ipprngku] C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea\oshvymjtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
    O4 - HKU\S-1-5-18..\Run: [tjfrxvbw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc\egvwddbtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [yndgjyhw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg\otjfdkmtssd.exe File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23 1.1.1.1
    O33 - MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\Shell - "" = AutoRun
    O33 - MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\Shell - "" = AutoRun
    O33 - MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\Shell\AutoRun - "" = Auto&Play
    O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
    O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
    [2010/08/01 12:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea
    [2010/08/01 12:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg
    [2010/07/29 21:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\AnVi
    [2010/07/24 14:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}
    [2010/07/24 13:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\sstkhxyjh
    [2010/07/21 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cb302
    [2010/07/21 14:08:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMKKXNAV
    [2010/07/21 14:07:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\50003ec
    [2010/07/17 00:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv
    [2010/07/15 15:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc
    [2010/07/11 02:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge
    [2099/01/01 12:00:00 | 000,001,744 | -H-- | M] () -- C:\WINDOWS\System32\gajuguva
    [2010/08/09 14:14:25 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\3905fc60.job
    [2010/08/09 14:14:25 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\130ec08b.job
    [2010/08/09 14:14:25 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\da11c834.job
    [2010/08/09 14:14:25 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\9cc9801c.job
    [2010/07/25 11:42:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Btucoxagijoba.bin
    [2010/07/21 14:48:38 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/21 14:20:02 | 000,000,078 | ---- | M] () -- C:\cb.dll
    [2010/07/21 14:19:14 | 000,001,669 | ---- | M] () -- C:\Security Master AV.lnk
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gilopeja
    [2010/07/23 23:32:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bpuxowetohekafo.dat
    [2010/07/21 14:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
    [2010/07/21 14:48:50 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
    [2009/01/05 15:56:50 | 000,672,323 | -HS- | C] () -- C:\WINDOWS\System32\JQqpXGgh.ini2
    [2009/01/05 15:56:50 | 000,672,323 | -HS- | C] () -- C:\WINDOWS\System32\JQqpXGgh.ini
    [2009/01/02 22:09:47 | 000,675,512 | -HS- | C] () -- C:\WINDOWS\System32\edgiPXbc.ini2
    [2009/01/02 22:09:46 | 000,676,455 | -HS- | C] () -- C:\WINDOWS\System32\edgiPXbc.ini
    [2009/01/01 17:44:01 | 000,673,564 | -HS- | C] () -- C:\WINDOWS\System32\bdMWayay.ini
    [2009/01/01 17:44:01 | 000,673,109 | -HS- | C] () -- C:\WINDOWS\System32\bdMWayay.ini2
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    "C:\WINDOWS\system32\regsvr32.exe"=-
    "C:\Documents and Settings\All Users\50003ec\SM5000_302.exe"=-
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.


Then please post back here with the following logs:
  • HelpAsst log
  • OTL results
  • New OTL log

Thanks



#5 jiggaz

  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 10 August 2010 - 07:04 PM

Hello Syler,

Yes, that is my post, but it was for my desktop; I think I posted the wrong log. If you delete it I will start over on that one. I would like to move forward on fixing this machine. I am aware of the risks. I don't do any banking, only internet and iPod stuff. I have posted the logs you requested. I will be waiting for further instructions...

C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
Tue 08/10/2010 at 16:13:58.18

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Tue 08/10/2010 at 16:15:45.96

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8989BEC5]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

All processes killed
========== OTL ==========
Error: No service named svchost32)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys was found to stop!
Service\Driver key svchost32)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys not found.
Service smihlp stopped successfully!
Service smihlp deleted successfully!
File C:\Program Files\Protector Suite QL\smihlp.sys not found.
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
File C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS not found.
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
File C:\DOCUME~1\Michelle\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS not found.
Service FileDisk2 stopped successfully!
Service FileDisk2 deleted successfully!
File C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys not found.
Service FdRedir stopped successfully!
Service FdRedir deleted successfully!
File C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys not found.
Service pgmilega stopped successfully!
Service pgmilega deleted successfully!
C:\WINDOWS\system32\drivers\pgmilega.sys moved successfully.
HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}:1.0 removed from extensions.enabledItems
Prefs.js: {C89F5F1A-DD35-4B5F-801A-A78DA4832937}:1.9.1 removed from extensions.enabledItems
Prefs.js: {5D7332CC-D14C-4A11-993E-E6987FDC6A7A}:1.9.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}\ not found.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}\chrome\content folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92}\chrome folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F9DCDC46-06F8-4B79-9D59-41D14EB5FA92} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C89F5F1A-DD35-4B5F-801A-A78DA4832937} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}\ not found.
C:\Documents and Settings\Shane\Local Settings\Application Data\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}\chrome\content folder moved successfully.
C:\Documents and Settings\Shane\Local Settings\Application Data\{C89F5F1A-DD35-4B5F-801A-A78DA4832937}\chrome folder moved successfully.
C:\Documents and Settings\Shane\Local Settings\Application Data\{C89F5F1A-DD35-4B5F-801A-A78DA4832937} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}\ not found.
C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}\chrome\content folder moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}\chrome folder moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7c2cb8-0786-43af-8932-131ab6d237ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da7c2cb8-0786-43af-8932-131ab6d237ba}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ipprngku deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yndgjyhw deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dvqoxwte deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\gljbqtbs deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ipprngku deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\tjfrxvbw deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\yndgjyhw deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\dvqoxwte not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\gljbqtbs not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ipprngku not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
C:\Program Files\MySpace\IM\MySpaceIM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\tjfrxvbw not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\yndgjyhw not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc3c2b9-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc3c2bb-274d-11de-84cf-0016366fbe98}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\opmxfamea folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jcfyfxxcg folder moved successfully.
C:\Program Files\AnVi folder moved successfully.
Folder C:\Documents and Settings\Michelle\Local Settings\Application Data\{5D7332CC-D14C-4A11-993E-E6987FDC6A7A}\ not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\sstkhxyjh folder moved successfully.
C:\Documents and Settings\All Users\Application Data\cb302 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SMKKXNAV folder moved successfully.
C:\Documents and Settings\All Users\50003ec\SMAVSys folder moved successfully.
C:\Documents and Settings\All Users\50003ec\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\50003ec\BackUp folder moved successfully.
C:\Documents and Settings\All Users\50003ec folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\jctpekqsv folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\xyqfuubdc folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\thmbnatge folder moved successfully.
C:\WINDOWS\system32\gajuguva moved successfully.
C:\WINDOWS\tasks\3905fc60.job moved successfully.
C:\WINDOWS\tasks\130ec08b.job moved successfully.
C:\WINDOWS\tasks\da11c834.job moved successfully.
C:\WINDOWS\tasks\9cc9801c.job moved successfully.
C:\WINDOWS\Btucoxagijoba.bin moved successfully.
C:\zrpt.xml moved successfully.
C:\cb.dll moved successfully.
C:\Security Master AV.lnk moved successfully.
C:\WINDOWS\system32\gilopeja moved successfully.
C:\WINDOWS\Bpuxowetohekafo.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Update folder moved successfully.
C:\WINDOWS\tasks\Updater.job moved successfully.
C:\WINDOWS\system32\JQqpXGgh.ini2 moved successfully.
C:\WINDOWS\system32\JQqpXGgh.ini moved successfully.
C:\WINDOWS\system32\edgiPXbc.ini2 moved successfully.
C:\WINDOWS\system32\edgiPXbc.ini moved successfully.
C:\WINDOWS\system32\bdMWayay.ini moved successfully.
C:\WINDOWS\system32\bdMWayay.ini2 moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\65533:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3246:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2479:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\regsvr32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\50003ec\SM5000_302.exe deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 74129 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93457 bytes

User: Everyone Else
->Temp folder emptied: 2614613691 bytes
->Temporary Internet Files folder emptied: 70365165 bytes
->Java cache emptied: 455099 bytes
->Google Chrome cache emptied: 594288 bytes
->Apple Safari cache emptied: 4125696 bytes
->Flash cache emptied: 2035445 bytes

User: HelpAssistant
->Temp folder emptied: 116970827 bytes
->Temporary Internet Files folder emptied: 337991810 bytes
->Java cache emptied: 1046914 bytes
->Google Chrome cache emptied: 2394474 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 178454 bytes

User: John

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 60357985 bytes
->Flash cache emptied: 9397 bytes

User: Michelle
->Temp folder emptied: 855419 bytes
->Temporary Internet Files folder emptied: 75478488 bytes
->Java cache emptied: 34926660 bytes
->FireFox cache emptied: 80538185 bytes
->Google Chrome cache emptied: 8487376 bytes
->Apple Safari cache emptied: 4029440 bytes
->Flash cache emptied: 1970342 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 126176116 bytes
->Java cache emptied: 70552 bytes
->Flash cache emptied: 29330 bytes

User: Shane
->Temp folder emptied: 298298550 bytes
->Temporary Internet Files folder emptied: 97505495 bytes
->Java cache emptied: 11438848 bytes
->Flash cache emptied: 93577 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 184015546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 22251054 bytes
RecycleBin emptied: 15427584 bytes

Total Files Cleaned = 3,980.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Everyone Else
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: John

User: LocalService
->Flash cache emptied: 0 bytes

User: Michelle
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Shane
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08102010_161808

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Everyone Else\Local Settings\Temp\Temporary Internet Files\Content.IE5\QCZ4OQOC\bundle_js_alotWidget_main_registerPrompt_podContainer_dragAndDrop_content_overlay_tracking_homepage_contentAdded_welcome_sitecatalyst_searchLinks_podSearch_podMultiSearch[1] not found!
File\Folder C:\Documents and Settings\Everyone Else\Local Settings\Temp\Temporary Internet Files\Content.IE5\N6MCRZOP\s_multisearchPod_rssPod_multiurlPod_searchPod_bigWidgetPod_thirdPartyPod_urlPod_dialog_overlay_addContent_account_searchLinks_homepage_contentAdded_welcome_registerPrompt[1].css not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\37CAQMT96QCAUREQSUCA1900EDCAQDJ8L3CAYU0X0ICAGCAQJFCAGX26H7CAHPU46WCA5S9RG5CAEB4T6TCAAQMTZXCAWAKTE0CAKTJ1R5CA8BNOSJCAHQXOVWCASGESWECAP36IXNCAJDP7YOCATPFQU3CASZSFWBCAIFJL5Q.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\3ICAFCM327CAR2A09HCAZK6013CAN3R9FECAOREJ0UCA7EUS30CAOEOCQZCAI31TZRCAISKP1OCA9WWJF8CAC26JVLCAURU3XUCAENFK7GCAIU0914CAT5A8X9CAGEWDTSCAYWKSULCAEC6VK3CA26ONXXCAS3R6UFCA3CPM61.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\3VCA2NI7OJCAIWPEBHCAMT84JSCADMGZYLCAXRIBVPCAMN0648CA4W4WIOCAK7F71ACA0CDOLJCAFHZQM9CAJXI72DCAG2AVRPCAB1SA8JCAESFBDXCA4PDID4CA8RPXAMCA54B46KCAWJ397ACAIXRPYBCAEVQJAWCAX46321.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\3XCAETHVUFCA738JI0CALIJ5UTCAC42BY3CAPA5JB4CANCSTHOCAWARLPHCAT7VEQHCAOTR1ORCA953M5BCAW7M7U7CAJUD3YYCAKZ9204CAS6ES87CACQL8ZMCABI8U46CA3WCNH2CACWAMKQCAU771KLCAT7O8VWCAQZY0O0.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\4PCA9FQAGXCAC50BOACALTR2FFCAXUIXT6CAQXW5CBCAMLA8X3CATGM9MNCA3GH21WCA7QMUEACA1C8KCYCA4SZNHYCA55QS13CAZOI0W5CARLFZY1CA361IEUCACI548ICAYHJWDSCARPI3GECASD44U8CAHFE6IZCA70MAJW.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\8JCAQQB53DCA2CEWHLCA8RNC6ECA20S03JCAZIARLBCAI0TFAWCA444WD2CA7F1JB3CACKR102CACXAXU0CAHI4BWKCA21EN5VCAG2PBXFCAV8RTD2CAOZ7DZNCABEO9CFCAJ3IENACAKOUU29CAM8VBQSCAAD6PW1CAE2GZXT.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\BECAR9APL6CASMAHA3CA4KASEYCA7Z6UQFCAEWL29MCA0XOOU4CALKPC5VCA86CDMACA291TZ9CA3YLAUZCAGEO8UUCARG7OJNCAVX7ZAACAAOT8V5CAS3W363CAT57UUXCAT8P1TYCADZLDFZCA3F9AO4CAYZG2WZCAZ97VLA.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\D0CAWM6J9KCAB4QQAYCABVLDKKCAF2DDEFCAV6K4T9CABZXKAXCAPOKOEPCA839WJOCAB2OMZICACFVYPSCA7EL6MTCA25ZSSLCA6AZO91CAOUMBFTCAJST32PCA70KK2RCAX1W9XQCAS0OE9NCAK6GW84CAOC8AXECAOTYBF3.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\GNCADODU8FCAWD2DUWCAW4YA2ECA9LE2I4CA6W36KSCAACCZ7RCA0PS1U1CA7FM0ZACAQE1J74CA7K8S7FCA7TENDGCAMIVX3KCAZ53N3TCAM34RZKCA7J6YBRCAE4140PCAMLEFEQCAF5TYTWCAFUYN10CAO2N9HGCA860PRY.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\HJCAWUL309CA8F3BYTCARUSLQGCA7FRWBDCAY3GXLYCAV7LSLDCA65A61ICAWV9TQCCAELNON3CATEAAAYCAKJ7PEQCAWTBGOGCAESDP26CAJGCFXGCAO2T8L6CALW903OCA50N1S2CA6UTEH2CA3ME2L9CAR398VHCAGHU00C.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\ICCA7WEB6RCA9MD979CAD3CW3FCA5X8P22CAGH4ES0CAZQQNLACALU4W8QCAGKDCWBCAJ21WGRCA2O2GUKCA9LGQ9BCAYUODNMCA6NDJ43CASA13BLCA7713AUCAWAM0MKCAG43AMMCA1DSF7FCAG5DVUECA7VNVM8CA3BCH8J.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\KVCAB41FJ7CARCN8TBCATHSLI2CAX5IIXGCANKG1DWCAQ9L4LBCAF9LIPJCAKVMNZKCA8B1SAQCALQX8DKCA7PLKZGCAK09PU4CANKW960CAM9LY0OCAD11BF5CALBKELXCAOQ43Y7CAPJTTWSCAO36OR7CA6SAV7BCAG45WW0.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\O4CAHG8XDACACWSNKGCA98YDQACAL4V4J3CA9Q9UHICAMWQG9WCABAHRQ2CA3MRJPSCAW168X4CAPI89N7CA3BE0QECA5WXGQNCALM30IJCATPMWK0CACQJZYWCAAHT1G9CAOCCU0MCAXMYCMOCA6BPSS3CAR5JGQNCA9EVPTQ.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\OECAPRAHGQCA8UT36DCA5I0A1RCA2XRK81CAL1J84CCA296DKJCAUPPOINCA2IERGHCALX2FE3CADYN2ZNCA0XLK2OCAA6O2VSCA10AGLCCA2SR828CAU3WDW9CAF2I19UCALHEZOVCA9QNP4RCA7CVSZ6CA5I4OQRCAT1NAHJ.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP91Y3DQ\RECAWWUD04CAK5MR2JCA3GVF0FCAQNU442CAUQZ7CHCAO85HOHCA3VEDRACATI1O9ECA16MSUOCAJGSVU9CAOUBTA8CAKHDOUBCAH6HMABCAXUVFPACAARZWP2CA76YIXICA2RCP1HCACYWFKJCA84WACYCAIHHYO7CA55JJGW.txt not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC5B6.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC5C0.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC741.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC749.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC8C0.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFC8D8.tmp not found!
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\5CYZA048\iframe[1].htm moved successfully.
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\5CYZA048\topic336293[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\mcafee_azBn2mZyLyVnhRZ not found!
File\Folder C:\WINDOWS\temp\mcmsc_4vpDG1E6dgYmvVO not found!
File\Folder C:\WINDOWS\temp\mcmsc_BwwnVZtSUNedrfP not found!
File\Folder C:\WINDOWS\temp\mcmsc_Di2ZBhfXPcCqGIZ not found!

Registry entries deleted on Reboot...

OTL logfile created on: 8/10/2010 4:37:40 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 21.78 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.75 Gb Total Space | 3.74 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Drive F: | 952.19 Mb Total Space | 608.64 Mb Free Space | 63.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUESHEALER
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2010/06/16 15:07:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/20 16:31:16 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2005/12/16 17:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/03 15:26:22 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\DirectX\svchost.exe -- (svchost32)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 09:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/09 01:38:47 | 000,006,784 | ---- | M] (SoftCamp Co., Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsk4.sys -- (scsk4)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIMMP)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/02 17:02:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/17 17:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 15:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/21 22:37:32 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/16 17:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 11:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 19:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 22:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/05 15:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/05/28 04:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 14:02:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 14:37:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 19:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 19:08:20 | 000,000,000 | ---D | M]

[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\5spapcu5.default\extensions
[2010/07/25 19:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/10 16:18:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {F9B72325-A029-4a39-943A-02433C978829} - C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3\escort.dll (esnips)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1280548309046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23 1.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 14:28:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 16:18:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/10 15:36:54 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/08/09 14:27:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/02 19:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/08/02 19:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/31 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\gmer
[2010/07/31 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder (2)
[2010/07/31 17:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder
[2010/07/31 17:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Safe mirror
[2010/07/31 17:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/29 20:47:22 | 000,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/07/29 20:47:17 | 000,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/07/29 20:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/07/29 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/07/27 02:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ElevatedDiagnostics
[2010/07/27 02:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/26 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Template
[2010/07/26 13:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\DoctorWeb
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Mozilla
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Mozilla
[2010/07/25 18:49:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/25 18:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 18:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 18:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 18:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 18:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 18:40:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Steele
[2010/07/25 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/07/25 11:43:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 11:43:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 10:35:32 | 000,000,000 | ---D | C] -- C:\xp_txt_fix
[2010/07/25 10:35:22 | 000,000,000 | ---D | C] -- C:\xp_regfile
[2010/07/25 10:35:11 | 000,000,000 | ---D | C] -- C:\xp_mpg_fix_reg
[2010/07/25 10:34:56 | 000,000,000 | ---D | C] -- C:\xp_ico_file_assoc_fix
[2010/07/25 10:34:45 | 000,000,000 | ---D | C] -- C:\xp_giffile_fix
[2010/07/25 10:34:34 | 000,000,000 | ---D | C] -- C:\xp_drive_association_fix
[2010/07/25 10:34:22 | 000,000,000 | ---D | C] -- C:\xp_com_fix
[2010/07/25 10:34:08 | 000,000,000 | ---D | C] -- C:\scf_assoc_fix
[2010/07/25 10:33:57 | 000,000,000 | ---D | C] -- C:\ie_desktop_icon
[2010/07/25 10:33:38 | 000,000,000 | ---D | C] -- C:\xp_vbs_file_association
[2010/07/25 10:33:27 | 000,000,000 | ---D | C] -- C:\xp_tiff_fix
[2010/07/25 10:33:09 | 000,000,000 | ---D | C] -- C:\xp_mspfix
[2010/07/25 10:32:44 | 000,000,000 | ---D | C] -- C:\xp_jpg_jpe_jpeg_file_assoc_fix
[2010/07/25 10:32:28 | 000,000,000 | ---D | C] -- C:\xp_hta_fix
[2010/07/25 10:32:13 | 000,000,000 | ---D | C] -- C:\xp_exe_fix
[2010/07/25 10:31:59 | 000,000,000 | ---D | C] -- C:\xp_directory_reg
[2010/07/25 10:31:45 | 000,000,000 | ---D | C] -- C:\xp_chm_fix
[2010/07/25 10:31:25 | 000,000,000 | ---D | C] -- C:\msi_assoc
[2010/07/25 10:31:09 | 000,000,000 | ---D | C] -- C:\html_association_fix
[2010/07/25 10:30:40 | 000,000,000 | ---D | C] -- C:\batch_file_assoc
[2010/07/25 10:28:25 | 000,000,000 | ---D | C] -- C:\xp_url_shortcut_fix
[2010/07/25 10:28:09 | 000,000,000 | ---D | C] -- C:\xp_scr_fix
[2010/07/25 10:27:42 | 000,000,000 | ---D | C] -- C:\xp_mscfix
[2010/07/25 10:26:58 | 000,000,000 | ---D | C] -- C:\xp_inf_assoc
[2010/07/25 10:25:52 | 000,000,000 | ---D | C] -- C:\xp_hlp_file_fix
[2010/07/25 10:25:15 | 000,000,000 | ---D | C] -- C:\xp_eml_file_assoc
[2010/07/25 10:23:19 | 000,000,000 | ---D | C] -- C:\xp_cpl_file_assoc
[2010/07/25 10:23:01 | 000,000,000 | ---D | C] -- C:\xp_cabfile
[2010/07/25 10:22:43 | 000,000,000 | ---D | C] -- C:\linkfile_fix
[2010/07/25 10:22:12 | 000,000,000 | ---D | C] -- C:\folder_reg
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\SUPERAntiSpyware.com
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/21 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/19 14:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/18 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/17 08:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\FOnline
[2010/07/17 08:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2010/07/15 22:56:42 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/15 15:16:45 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/07/15 15:16:45 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/07/15 15:16:45 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/07/15 15:16:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/07/15 15:16:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/07/15 15:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2010/08/10 16:34:41 | 000,016,749 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/10 16:32:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 16:32:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 16:32:03 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/10 16:31:10 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/08/10 16:31:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle\ntuser.ini
[2010/08/10 16:18:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/10 16:18:11 | 000,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 16:18:11 | 000,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 16:18:11 | 000,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 15:37:04 | 000,000,002 | ---- | M] () -- C:\dummy.dummy
[2010/08/10 15:34:53 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 21:02:20 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91FBC9A6-CF10-4765-A8E0-EDDF0FFB91E5}.job
[2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/09 14:24:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/05 15:19:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 20:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/02 20:22:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/01 01:00:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/31 20:30:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 21:03:01 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/29 20:48:10 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/29 20:38:09 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Google Chrome.lnk
[2010/07/29 20:38:09 | 000,002,298 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 00:24:29 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/27 00:24:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 00:24:29 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/07/27 00:11:16 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/26 20:22:03 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 17:54:48 | 004,316,622 | -H-- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\IconCache.db
[2010/07/25 19:08:25 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 16:37:19 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/25 11:43:25 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/21 14:34:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/17 08:38:44 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys

========== Files Created - No Company Name ==========

[2010/08/10 15:37:04 | 000,000,002 | ---- | C] () -- C:\dummy.dummy
[2010/08/10 15:34:49 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 14:25:19 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Michelle\mbr.log
[2010/08/09 14:24:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:22:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/07/31 20:30:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 12:24:31 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Michelle\reset.log
[2010/07/26 20:22:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 20:21:33 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/25 19:08:25 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 18:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 18:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 18:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 18:44:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 18:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/25 11:43:25 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/25 10:58:53 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/17 08:38:44 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk
[2009/01/31 00:46:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/05 10:31:33 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/03 12:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 16:54:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/02 16:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/02 16:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/02 16:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/02 16:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/02 16:48:13 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 16:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/02 16:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/02 16:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/02 16:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 16:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 16:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/02 15:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/02 14:35:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 14:23:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 11:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 11:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 12:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 August 2010 - 06:31 AM

Hi jiggaz,

I will close your other thread then since it is a duplicate of this one.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 jiggaz

jiggaz
  • Topic Starter

  • Members
  • 15 posts

Posted 13 August 2010 - 08:54 AM

Hello Syler,
Here is the ComboFix log. The recovery console couldn't be installed for some reason. Waiting for further instructions ...

ComboFix 10-08-12.02 - Michelle 08/13/2010 6:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1498 [GMT -7:00]
Running from: c:\documents and settings\Michelle\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Everyone Else\Application Data\alot
c:\documents and settings\Everyone Else\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Everyone Else\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Everyone Else\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Everyone Else\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Everyone Else\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Everyone Else\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Everyone Else\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\products\products.xml
c:\documents and settings\Everyone Else\Application Data\alot\products\products.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_3\images\default_1042_alot_video_vault.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_3\images\default_1042_alot_video_vault.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_4\images\default_1605_ALOT_Email.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_4\images\default_1605_ALOT_Email.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\alert-icon.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\clear.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\cloudy.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG124.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG12A.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG15C.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG165.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG16A.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG1747.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG1EF.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG202.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG212.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG24D.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG3A5.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG3DE.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG43A.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG468.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG48A.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG4B3.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG51A.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMG560.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGAD.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGAE.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGB2D.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGB5.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGBB.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGBC9.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGBE.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGD8.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\IMGDA.tmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\mcloud.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\nclear.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\nmcloud.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_6\images\pcloud.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_7\images\default_1897_alot_scr_screensavers.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_7\images\default_1897_alot_scr_screensavers.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_8\images\default_1045_alot_rea_laughs.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_8\images\default_1045_alot_rea_laughs.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_9\images\default_1602_alot_mrkt_livinghealthy.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Button_9\images\default_1602_alot_mrkt_livinghealthy.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Everyone Else\Application Data\alot\Tem469.tmp
c:\documents and settings\Everyone Else\Application Data\alot\TemA4.tmp
c:\documents and settings\Everyone Else\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Everyone Else\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\toolbar.xml
c:\documents and settings\Everyone Else\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Everyone Else\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Everyone Else\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Everyone Else\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Everyone Else\Local Settings\Application Data\{3DB5B639-E002-4299-8E94-052AB68C2FA5}
c:\documents and settings\Everyone Else\Local Settings\Application Data\{3DB5B639-E002-4299-8E94-052AB68C2FA5}\chrome.manifest
c:\documents and settings\Everyone Else\Local Settings\Application Data\{3DB5B639-E002-4299-8E94-052AB68C2FA5}\chrome\content\_cfg.js
c:\documents and settings\Everyone Else\Local Settings\Application Data\{3DB5B639-E002-4299-8E94-052AB68C2FA5}\chrome\content\overlay.xul
c:\documents and settings\Everyone Else\Local Settings\Application Data\{3DB5B639-E002-4299-8E94-052AB68C2FA5}\install.rdf
c:\documents and settings\HelpAssistant\GearsSetup.exe
c:\documents and settings\Michelle\Application Data\alot
c:\documents and settings\NetworkService\Application Data\alot
c:\documents and settings\Shane\DOSBox0.73-win32-installer.exe
c:\documents and settings\Shane\FOnline2238Client.exe
c:\program files\Common Files\System\Uninstall
c:\windows\system32\config\systemprofile\Application Data\alot

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATAPIDRV
-------\Legacy_SVCHOST32
-------\Service_AtapiDrv
-------\Service_svchost32


((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-10 23:18 . 2010-08-10 23:18 -------- d-----w- C:\_OTL
2010-08-10 22:36 . 2010-08-10 22:37 -------- d-----w- C:\HelpAsst_backup
2010-08-03 02:10 . 2010-08-03 02:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-08-03 02:08 . 2010-08-03 02:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-01 00:31 . 2010-08-01 00:31 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Safe mirror
2010-08-01 00:30 . 2010-08-01 00:31 -------- d-----w- c:\program files\Cobian Backup 10
2010-07-30 03:47 . 2008-05-16 13:10 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-07-30 03:47 . 2008-05-16 13:10 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-07-30 03:47 . 2010-07-30 03:47 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-07-30 03:46 . 2010-07-30 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-07-27 09:09 . 2010-07-27 09:09 -------- d-----w- c:\documents and settings\Michelle\Application Data\ElevatedDiagnostics
2010-07-27 03:21 . 2010-07-27 03:21 -------- d-----w- c:\documents and settings\Michelle\Application Data\Template
2010-07-26 20:20 . 2010-07-26 20:20 -------- d-----w- c:\documents and settings\Michelle\DoctorWeb
2010-07-26 02:08 . 2010-07-26 02:08 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\Mozilla
2010-07-26 00:00 . 2010-07-29 19:20 -------- d-----w- c:\documents and settings\Everyone Else\Local Settings\Application Data\Temp
2010-07-25 23:59 . 2010-07-25 23:59 -------- d-sh--w- c:\documents and settings\Everyone Else\IECompatCache
2010-07-25 18:43 . 2010-07-25 18:43 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes
2010-07-25 18:43 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 18:43 . 2010-07-25 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-25 18:43 . 2010-07-25 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 18:43 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 17:35 . 2010-07-25 17:35 -------- d-----w- C:\xp_txt_fix
2010-07-25 17:35 . 2010-07-25 17:35 -------- d-----w- C:\xp_regfile
2010-07-25 17:35 . 2010-07-25 17:35 -------- d-----w- C:\xp_mpg_fix_reg
2010-07-25 17:34 . 2010-07-25 17:34 -------- d-----w- C:\xp_ico_file_assoc_fix
2010-07-25 17:34 . 2010-07-25 17:34 -------- d-----w- C:\xp_giffile_fix
2010-07-25 17:34 . 2010-07-25 17:34 -------- d-----w- C:\xp_drive_association_fix
2010-07-25 17:34 . 2010-07-25 17:34 -------- d-----w- C:\xp_com_fix
2010-07-25 17:34 . 2010-07-25 17:34 -------- d-----w- C:\scf_assoc_fix
2010-07-25 17:33 . 2010-07-25 17:33 -------- d-----w- C:\ie_desktop_icon
2010-07-25 17:33 . 2010-07-25 17:33 -------- d-----w- C:\xp_vbs_file_association
2010-07-25 17:33 . 2010-07-25 17:33 -------- d-----w- C:\xp_tiff_fix
2010-07-25 17:33 . 2010-07-25 17:33 -------- d-----w- C:\xp_mspfix
2010-07-25 17:32 . 2010-07-25 17:32 -------- d-----w- C:\xp_jpg_jpe_jpeg_file_assoc_fix
2010-07-25 17:32 . 2010-07-25 17:32 -------- d-----w- C:\xp_hta_fix
2010-07-25 17:32 . 2010-07-25 17:32 -------- d-----w- C:\xp_exe_fix
2010-07-25 17:31 . 2010-07-25 17:31 -------- d-----w- C:\xp_directory_reg
2010-07-25 17:31 . 2010-07-25 17:31 -------- d-----w- C:\xp_chm_fix
2010-07-25 17:31 . 2010-07-25 17:31 -------- d-----w- C:\msi_assoc
2010-07-25 17:31 . 2010-07-25 17:31 -------- d-----w- C:\html_association_fix
2010-07-25 17:30 . 2010-07-25 17:30 -------- d-----w- C:\batch_file_assoc
2010-07-25 17:28 . 2010-07-25 17:28 -------- d-----w- C:\xp_url_shortcut_fix
2010-07-25 17:28 . 2010-07-25 17:28 -------- d-----w- C:\xp_scr_fix
2010-07-25 17:27 . 2010-07-25 17:27 -------- d-----w- C:\xp_mscfix
2010-07-25 17:26 . 2010-07-25 17:26 -------- d-----w- C:\xp_inf_assoc
2010-07-25 17:25 . 2010-07-25 17:25 -------- d-----w- C:\xp_hlp_file_fix
2010-07-25 17:25 . 2010-07-25 17:25 -------- d-----w- C:\xp_eml_file_assoc
2010-07-25 17:23 . 2010-07-25 17:23 -------- d-----w- C:\xp_cpl_file_assoc
2010-07-25 17:23 . 2010-07-25 17:23 -------- d-----w- C:\xp_cabfile
2010-07-25 17:22 . 2010-07-25 17:22 -------- d-----w- C:\linkfile_fix
2010-07-25 17:22 . 2010-07-25 17:22 -------- d-----w- C:\folder_reg
2010-07-24 21:39 . 2010-07-24 21:39 -------- d-----w- c:\documents and settings\Michelle\Application Data\SUPERAntiSpyware.com
2010-07-24 21:39 . 2010-07-24 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-24 21:20 . 2010-07-24 21:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-24 21:20 . 2010-07-24 21:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-24 20:23 . 2010-07-24 20:23 120 ----a-w- c:\documents and settings\Everyone Else\Local Settings\Application Data\Bpuxowetohekafo.dat
2010-07-24 20:23 . 2010-07-24 20:23 0 ----a-w- c:\documents and settings\Everyone Else\Local Settings\Application Data\Btucoxagijoba.bin
2010-07-24 06:36 . 2010-07-25 11:06 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\yigshvxae
2010-07-19 21:07 . 2010-07-19 21:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-19 21:05 . 2010-07-19 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-19 20:13 . 2010-07-19 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-07-17 15:56 . 2010-07-17 15:56 -------- d-----w- c:\program files\FOnline
2010-07-17 15:35 . 2010-07-17 15:35 -------- d-----w- c:\program files\GOG.com
2010-07-16 05:56 . 2010-07-16 05:56 -------- d-----w- C:\spoolerlogs
2010-07-15 22:16 . 2010-07-15 22:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\esnips.com
2010-07-15 22:16 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-15 22:16 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-07-15 22:16 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-07-15 22:16 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-07-15 22:16 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-07-15 22:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-07-15 22:16 . 2010-07-15 22:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MySpace
2010-07-15 22:15 . 2010-07-19 21:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 21:19 . 2010-03-13 00:13 -------- d-----w- c:\program files\McAfee
2010-07-31 03:55 . 2006-03-03 00:08 43200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 19:09 . 2008-11-06 01:27 43200 ----a-w- c:\documents and settings\Everyone Else\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-30 03:47 . 2006-03-03 00:02 -------- d-----w- c:\program files\Pure Networks
2010-07-30 03:42 . 2010-07-30 03:46 14579000 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2010-07-27 07:11 . 2010-07-27 03:21 142 ----a-w- c:\documents and settings\Michelle\Application Data\wklnhst.dat
2010-07-25 23:37 . 2009-01-03 00:33 -------- d-----w- c:\documents and settings\Everyone Else\Application Data\Apple Computer
2010-07-17 15:15 . 2010-07-11 18:18 609017688 ----a-w- c:\documents and settings\Shane\FOnline2238Client.1.exe
2010-07-16 11:23 . 2010-07-30 04:15 178762 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-15 22:18 . 2010-03-13 00:13 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-11 15:45 . 2010-06-26 08:27 609017688 ----a-w- c:\documents and settings\Shane\setup_fallout_2.exe
2010-06-23 10:40 . 2010-06-23 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Synthetic Reality
2010-06-23 10:39 . 2010-06-23 10:39 9855503 ----a-w- c:\documents and settings\Shane\WellOfSouls.exe
2010-06-05 01:06 . 2009-08-04 18:14 128 ----a-w- c:\documents and settings\Shane\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-02-20 1589248]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-2 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\D-Link Media Server\\MediaGUI.exe"=
"c:\\Program Files\\D-Link Media Server\\MediaServer.exe"=
"c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"c:\\Documents and Settings\\Everyone Else\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2010 5:16 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2009 9:03 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/3/2009 12:24 PM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/25/2010 11:43 AM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-13 19:22]

2010-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-13 19:22]

2010-08-13 c:\windows\Tasks\User_Feed_Synchronization-{91FBC9A6-CF10-4765-A8E0-EDDF0FFB91E5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\5spapcu5.default\
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\MySpace\Toolbar\1.0.72.0\components\MySpaceFFoxTB.dll
FF - plugin: c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AtapiDrv.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 06:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4020)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\igfxext.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-13 06:46:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 13:46

Pre-Run: 23,838,748,672 bytes free
Post-Run: 25,200,783,360 bytes free

- - End Of File - - 054369FDEFBEB34DA1E8AAF8D40EF1C7

#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:24 AM

Posted 13 August 2010 - 10:02 AM

Can you tell me how the computer is running now and if you still have any problems?

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up; please post the contents in your reply.



#9 jiggaz

  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:24 PM

Posted 14 August 2010 - 08:24 AM

Hello Syler,
Everything is looking good on my profile (Michelle). When I logged on to the internet on the "Everyone Else" profile I was almost immediately hit with pop-ups and spyware and fake antivirus alerts. I deleted the "Everyone Else" and "Shane" profiles and everything appears to be working okay so far. Here is the mbr log you requested. Thanks for all your help so far...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0DF937C1
malicious code @ sector 0x0DF937C4 !
PE file found in sector at 0x0DF937DA !

#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:24 AM

Posted 14 August 2010 - 05:25 PM

Hi jiggaz,

You don't have the latest version of Java. You should run JavaRa to clean up any older Java, then
download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push



Then run a new OTL scan and post back with the ESET and OTL logs.

Thanks



#11 jiggaz

  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:24 PM

Posted 15 August 2010 - 01:34 AM

Hello Syler,
Uninstalled and reinstalled Java. Under the ESET Online Scan directions there appear to be icons in the instructions that are not showing up. For example, on the first instruction it says click the X button and the next instruction says check X. I looked up the post on a non-infected computer and it's doing the same thing. I'm not sure what the problem is with that, but can you resend the message or fill me in with words what I am supposed to do? Thanks for your help, awaiting your response.

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:24 AM

Posted 15 August 2010 - 12:17 PM

Here you go.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the ESET Online Scanner button.
  • Check "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check "Scan archives"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the <<Back button.
  • Push Finish



#13 jiggaz

  • Topic Starter

  • Members
  • 15 posts
  • Local time:05:24 PM

Posted 15 August 2010 - 05:07 PM

Hello Syler,
Here are the logs you requested...

OTL logfile created on: 8/15/2010 2:53:39 PM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 21.98 Gb Free Space | 19.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.75 Gb Total Space | 3.74 Gb Free Space | 99.50% Space Free | Partition Type: FAT32
Drive F: | 952.19 Mb Total Space | 608.64 Mb Free Space | 63.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUESHEALER
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2010/06/16 15:07:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/20 16:31:16 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2005/12/16 17:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/03 15:26:22 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 09:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/09 01:38:47 | 000,006,784 | ---- | M] (SoftCamp Co., Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsk4.sys -- (scsk4)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIMMP)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/02 17:02:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/17 17:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 15:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/21 22:37:32 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/16 17:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 11:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 19:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 22:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/05 15:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/05/28 04:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 14:02:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 14:37:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 19:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 23:25:59 | 000,000,000 | ---D | M]

[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\5spapcu5.default\extensions
[2010/08/14 23:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 23:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/14 23:25:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/13 06:38:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {F9B72325-A029-4a39-943A-02433C978829} - C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3\escort.dll (esnips)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1280548309046 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23 1.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 14:28:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 12:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/14 23:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/14 23:25:58 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/14 23:25:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 23:25:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 23:25:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 23:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\JavaRa
[2010/08/14 22:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/14 22:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/14 22:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/08/14 22:52:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/08/14 22:52:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/08/14 22:52:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/08/14 22:52:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/08/14 22:52:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/08/14 22:52:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/08/14 22:52:46 | 000,000,000 | ---D | C] -- C:\c8b1b0766da43afbcc
[2010/08/13 14:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Shane
[2010/08/13 06:56:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/10 16:18:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/10 15:36:54 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/08/09 14:27:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/02 19:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/08/02 19:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/31 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\gmer
[2010/07/31 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder (2)
[2010/07/31 17:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder
[2010/07/31 17:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Safe mirror
[2010/07/31 17:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/29 20:47:22 | 000,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/07/29 20:47:17 | 000,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/07/29 20:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/07/29 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/07/27 02:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ElevatedDiagnostics
[2010/07/27 02:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/26 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Template
[2010/07/26 13:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\DoctorWeb
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Mozilla
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Mozilla
[2010/07/25 18:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 18:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 18:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 18:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 18:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 18:40:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Steele
[2010/07/25 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/07/25 11:43:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 11:43:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 10:35:32 | 000,000,000 | ---D | C] -- C:\xp_txt_fix
[2010/07/25 10:35:22 | 000,000,000 | ---D | C] -- C:\xp_regfile
[2010/07/25 10:35:11 | 000,000,000 | ---D | C] -- C:\xp_mpg_fix_reg
[2010/07/25 10:34:56 | 000,000,000 | ---D | C] -- C:\xp_ico_file_assoc_fix
[2010/07/25 10:34:45 | 000,000,000 | ---D | C] -- C:\xp_giffile_fix
[2010/07/25 10:34:34 | 000,000,000 | ---D | C] -- C:\xp_drive_association_fix
[2010/07/25 10:34:22 | 000,000,000 | ---D | C] -- C:\xp_com_fix
[2010/07/25 10:34:08 | 000,000,000 | ---D | C] -- C:\scf_assoc_fix
[2010/07/25 10:33:57 | 000,000,000 | ---D | C] -- C:\ie_desktop_icon
[2010/07/25 10:33:38 | 000,000,000 | ---D | C] -- C:\xp_vbs_file_association
[2010/07/25 10:33:27 | 000,000,000 | ---D | C] -- C:\xp_tiff_fix
[2010/07/25 10:33:09 | 000,000,000 | ---D | C] -- C:\xp_mspfix
[2010/07/25 10:32:44 | 000,000,000 | ---D | C] -- C:\xp_jpg_jpe_jpeg_file_assoc_fix
[2010/07/25 10:32:28 | 000,000,000 | ---D | C] -- C:\xp_hta_fix
[2010/07/25 10:32:13 | 000,000,000 | ---D | C] -- C:\xp_exe_fix
[2010/07/25 10:31:59 | 000,000,000 | ---D | C] -- C:\xp_directory_reg
[2010/07/25 10:31:45 | 000,000,000 | ---D | C] -- C:\xp_chm_fix
[2010/07/25 10:31:25 | 000,000,000 | ---D | C] -- C:\msi_assoc
[2010/07/25 10:31:09 | 000,000,000 | ---D | C] -- C:\html_association_fix
[2010/07/25 10:30:40 | 000,000,000 | ---D | C] -- C:\batch_file_assoc
[2010/07/25 10:28:25 | 000,000,000 | ---D | C] -- C:\xp_url_shortcut_fix
[2010/07/25 10:28:09 | 000,000,000 | ---D | C] -- C:\xp_scr_fix
[2010/07/25 10:27:42 | 000,000,000 | ---D | C] -- C:\xp_mscfix
[2010/07/25 10:26:58 | 000,000,000 | ---D | C] -- C:\xp_inf_assoc
[2010/07/25 10:25:52 | 000,000,000 | ---D | C] -- C:\xp_hlp_file_fix
[2010/07/25 10:25:15 | 000,000,000 | ---D | C] -- C:\xp_eml_file_assoc
[2010/07/25 10:23:19 | 000,000,000 | ---D | C] -- C:\xp_cpl_file_assoc
[2010/07/25 10:23:01 | 000,000,000 | ---D | C] -- C:\xp_cabfile
[2010/07/25 10:22:43 | 000,000,000 | ---D | C] -- C:\linkfile_fix
[2010/07/25 10:22:12 | 000,000,000 | ---D | C] -- C:\folder_reg
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\SUPERAntiSpyware.com
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/21 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/19 14:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/18 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/17 08:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\FOnline
[2010/07/17 08:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com

========== Files - Modified Within 30 Days ==========

[2010/08/15 14:55:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91FBC9A6-CF10-4765-A8E0-EDDF0FFB91E5}.job
[2010/08/15 14:48:41 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Shortcut to Internet Explorer.lnk
[2010/08/15 14:48:09 | 000,017,593 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/15 14:45:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 14:45:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 14:45:16 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 14:44:06 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/08/15 14:44:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle\ntuser.ini
[2010/08/15 12:17:04 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 12:17:04 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 12:17:04 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 09:51:48 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/08/14 23:25:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 23:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 23:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 23:25:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/14 23:25:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/14 23:02:29 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 22:45:51 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\JavaRa.zip
[2010/08/14 06:15:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 06:40:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/13 06:38:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/12 15:22:57 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Google Chrome.lnk
[2010/08/12 15:22:57 | 000,002,298 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/12 11:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 15:37:04 | 000,000,002 | ---- | M] () -- C:\dummy.dummy
[2010/08/10 15:34:53 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/09 14:24:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/02 20:22:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/01 01:00:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/31 20:30:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 00:24:29 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/27 00:24:29 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/07/27 00:11:16 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 20:22:03 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 17:54:48 | 004,316,622 | -H-- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\IconCache.db
[2010/07/25 19:08:25 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 16:37:19 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/25 11:43:25 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/21 14:34:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/17 08:38:44 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk

========== Files Created - No Company Name ==========

[2010/08/15 14:48:40 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Shortcut to Internet Explorer.lnk
[2010/08/14 22:45:50 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\JavaRa.zip
[2010/08/12 19:29:51 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/10 15:37:04 | 000,000,002 | ---- | C] () -- C:\dummy.dummy
[2010/08/10 15:34:49 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 14:25:19 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Michelle\mbr.log
[2010/08/09 14:24:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:22:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/07/31 20:30:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 12:24:31 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Michelle\reset.log
[2010/07/26 20:22:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 20:21:33 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/25 19:08:25 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 18:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 18:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 18:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 18:44:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 18:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/25 11:43:25 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/17 08:38:44 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fallout 2.lnk
[2009/01/31 00:46:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/05 10:31:33 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/03 12:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 16:54:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/02 16:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/02 16:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/02 16:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/02 16:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/02 16:48:13 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 16:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/02 16:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/02 16:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/02 16:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 16:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 16:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/02 15:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/02 14:35:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 14:23:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 11:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 11:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 12:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

C:\Documents and Settings\Everyone Else\Local Settings\Application Data\kfyuujpxo\khdgoershdw.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Everyone Else\Local Settings\temp\svchost.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3HKH93PK\ehep[1].jar a variant of Java/TrojanDownloader.Agent.NAL trojan deleted - quarantined
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Local Settings\Temp\jar_cache19875.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Local Settings\Temp\jar_cache62513.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Local Settings\Temporary Internet Files\Content.IE5\7FAYS067\KAV3[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Local Settings\Temporary Internet Files\Content.IE5\HX0ECZ7I\KAV3[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined
C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3\escortApp.dll a variant of Win32/Adware.Lifze.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP417\A0172294.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP417\A0172295.dll a variant of Win32/Adware.Lifze.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\AtapiDrv.sys a variant of Win32/Rootkit.Kryptik.BU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\bdMWayay.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\bdMWayay.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\edgiPXbc.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\edgiPXbc.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\JQqpXGgh.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\JQqpXGgh.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08102010_161808\C_WINDOWS\system32\drivers\pgmilega.sys a variant of Win32/Bubnix.AW trojan cleaned by deleting


#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender: Male
  • Location: Warrington, UK

Posted 16 August 2010 - 07:53 AM

Hi jiggaz,

I still see a couple of things there that we need to fix.


Please use the instructions on this page to change your DNS servers to use OpenDNS

https://www.opendns.com/start/device/windows-xp/print



Click Start>Run and type helpasst -cleanup then hit Enter.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.



Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • RKUnHooker report

Thanks



#15 jiggaz

  • Topic Starter
  • Members
  • 15 posts

Posted 16 August 2010 - 03:14 PM

Hello Syler,

The following logs and reports are as per your request...

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Everyone Else
->Temp folder emptied: 20309 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 4647 bytes
->FireFox cache emptied: 28276389 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1078 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Flash cache emptied: 0 bytes

User: Michelle
->Temp folder emptied: 95269618 bytes
->Temporary Internet Files folder emptied: 44566943 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4174 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 880 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 416 bytes

Total Files Cleaned = 161.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08162010_123648

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF284.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF2CE.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF76D.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF7A3.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFFE81.tmp not found!
File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFFF76.tmp not found!
C:\Documents and Settings\Michelle\Loca

OTL logfile created on: 8/16/2010 12:46:11 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michelle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 22.57 Gb Free Space | 20.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 952.19 Mb Total Space | 608.64 Mb Free Space | 63.92% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUESHEALER
Current User Name: Michelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
PRC - [2010/06/16 15:07:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/20 16:31:16 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2005/12/16 17:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/03 15:26:22 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/17 18:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 01:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/01/25 09:03:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/11 11:14:06 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/11 10:19:48 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/28 12:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 12:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 12:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/09 01:38:47 | 000,006,784 | ---- | M] (SoftCamp Co., Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsk4.sys -- (scsk4)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIMMP)
DRV - [2009/08/21 23:32:45 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symim.sys -- (SymIM)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/02 17:02:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/17 17:30:58 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/12/29 15:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005/12/21 22:37:32 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/16 17:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 11:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/11/08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 19:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/10 22:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/05 15:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2004/08/10 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.72.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/05/28 04:37:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 14:02:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 14:37:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 19:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 23:25:59 | 000,000,000 | ---D | M]

[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/07/25 19:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\5spapcu5.default\extensions
[2010/08/14 23:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 23:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/14 23:25:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/13 06:38:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (CescrtHlpr Object) - {F9B72325-A029-4a39-943A-02433C978829} - C:\Program Files\eSnips.com\eSnipsToolbar\1.3.0.3\escort.dll (esnips)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-859914428-2220038876-3295589113-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1280548309046 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.72 213.109.77.23 1.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/02 14:28:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 20:15:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 12:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/14 23:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/14 23:25:58 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/14 23:25:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 23:25:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 23:25:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 23:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\JavaRa
[2010/08/14 22:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/14 22:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/14 22:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/08/14 22:52:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/08/14 22:52:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/08/14 22:52:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/08/14 22:52:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/08/14 22:52:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/08/14 22:52:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/08/14 22:52:46 | 000,000,000 | ---D | C] -- C:\c8b1b0766da43afbcc
[2010/08/13 14:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Shane
[2010/08/13 06:56:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/10 16:18:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/09 14:27:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/02 19:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/08/02 19:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/31 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\gmer
[2010/07/31 17:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder (2)
[2010/07/31 17:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\New Folder
[2010/07/31 17:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Safe mirror
[2010/07/31 17:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/29 20:47:22 | 000,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/07/29 20:47:17 | 000,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/07/29 20:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/07/29 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/07/27 02:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\ElevatedDiagnostics
[2010/07/27 02:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/26 20:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Template
[2010/07/26 13:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\DoctorWeb
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Mozilla
[2010/07/25 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Mozilla
[2010/07/25 18:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 18:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/25 18:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 18:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 18:41:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/25 18:40:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/25 17:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Steele
[2010/07/25 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2010/07/25 11:43:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 11:43:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 10:35:32 | 000,000,000 | ---D | C] -- C:\xp_txt_fix
[2010/07/25 10:35:22 | 000,000,000 | ---D | C] -- C:\xp_regfile
[2010/07/25 10:35:11 | 000,000,000 | ---D | C] -- C:\xp_mpg_fix_reg
[2010/07/25 10:34:56 | 000,000,000 | ---D | C] -- C:\xp_ico_file_assoc_fix
[2010/07/25 10:34:45 | 000,000,000 | ---D | C] -- C:\xp_giffile_fix
[2010/07/25 10:34:34 | 000,000,000 | ---D | C] -- C:\xp_drive_association_fix
[2010/07/25 10:34:22 | 000,000,000 | ---D | C] -- C:\xp_com_fix
[2010/07/25 10:34:08 | 000,000,000 | ---D | C] -- C:\scf_assoc_fix
[2010/07/25 10:33:57 | 000,000,000 | ---D | C] -- C:\ie_desktop_icon
[2010/07/25 10:33:38 | 000,000,000 | ---D | C] -- C:\xp_vbs_file_association
[2010/07/25 10:33:27 | 000,000,000 | ---D | C] -- C:\xp_tiff_fix
[2010/07/25 10:33:09 | 000,000,000 | ---D | C] -- C:\xp_mspfix
[2010/07/25 10:32:44 | 000,000,000 | ---D | C] -- C:\xp_jpg_jpe_jpeg_file_assoc_fix
[2010/07/25 10:32:28 | 000,000,000 | ---D | C] -- C:\xp_hta_fix
[2010/07/25 10:32:13 | 000,000,000 | ---D | C] -- C:\xp_exe_fix
[2010/07/25 10:31:59 | 000,000,000 | ---D | C] -- C:\xp_directory_reg
[2010/07/25 10:31:45 | 000,000,000 | ---D | C] -- C:\xp_chm_fix
[2010/07/25 10:31:25 | 000,000,000 | ---D | C] -- C:\msi_assoc
[2010/07/25 10:31:09 | 000,000,000 | ---D | C] -- C:\html_association_fix
[2010/07/25 10:30:40 | 000,000,000 | ---D | C] -- C:\batch_file_assoc
[2010/07/25 10:28:25 | 000,000,000 | ---D | C] -- C:\xp_url_shortcut_fix
[2010/07/25 10:28:09 | 000,000,000 | ---D | C] -- C:\xp_scr_fix
[2010/07/25 10:27:42 | 000,000,000 | ---D | C] -- C:\xp_mscfix
[2010/07/25 10:26:58 | 000,000,000 | ---D | C] -- C:\xp_inf_assoc
[2010/07/25 10:25:52 | 000,000,000 | ---D | C] -- C:\xp_hlp_file_fix
[2010/07/25 10:25:15 | 000,000,000 | ---D | C] -- C:\xp_eml_file_assoc
[2010/07/25 10:23:19 | 000,000,000 | ---D | C] -- C:\xp_cpl_file_assoc
[2010/07/25 10:23:01 | 000,000,000 | ---D | C] -- C:\xp_cabfile
[2010/07/25 10:22:43 | 000,000,000 | ---D | C] -- C:\linkfile_fix
[2010/07/25 10:22:12 | 000,000,000 | ---D | C] -- C:\folder_reg
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\SUPERAntiSpyware.com
[2010/07/24 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/21 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/19 14:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/18 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun

========== Files - Modified Within 30 Days ==========

[2010/08/16 12:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91FBC9A6-CF10-4765-A8E0-EDDF0FFB91E5}.job
[2010/08/16 12:41:09 | 000,017,593 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/16 12:38:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/16 12:38:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/16 12:38:22 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 12:37:33 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Michelle\NTUSER.DAT
[2010/08/16 12:37:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle\ntuser.ini
[2010/08/15 12:17:04 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 12:17:04 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 12:17:04 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 09:51:48 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/08/14 23:25:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 23:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 23:25:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 23:25:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/14 23:25:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/14 23:02:29 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/14 22:45:51 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\JavaRa.zip
[2010/08/14 06:15:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 06:40:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/13 06:38:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/12 15:22:57 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Google Chrome.lnk
[2010/08/12 15:22:57 | 000,002,298 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/12 11:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 15:37:04 | 000,000,002 | ---- | M] () -- C:\dummy.dummy
[2010/08/10 15:34:53 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 14:28:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle\Desktop\OTL.exe
[2010/08/09 14:24:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/02 20:22:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/01 01:00:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/31 20:30:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 00:24:29 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/27 00:24:29 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/07/27 00:11:16 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 20:22:03 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 17:54:48 | 004,316,622 | -H-- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\IconCache.db
[2010/07/25 19:08:25 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 16:37:19 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/07/25 11:43:25 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/21 14:34:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/08/14 22:45:50 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\JavaRa.zip
[2010/08/12 19:29:51 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/10 15:37:04 | 000,000,002 | ---- | C] () -- C:\dummy.dummy
[2010/08/10 15:34:49 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\HelpAsst_mebroot_fix.exe
[2010/08/09 14:25:19 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Michelle\mbr.log
[2010/08/09 14:24:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbr.exe
[2010/08/02 20:22:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/07/31 20:30:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\gmer.zip
[2010/07/31 20:22:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\dds.scr
[2010/07/31 20:18:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Defogger.exe
[2010/07/29 20:48:10 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/07/27 12:24:31 | 000,001,067 | ---- | C] () -- C:\Documents and Settings\Michelle\reset.log
[2010/07/26 20:22:03 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Michelle\My Documents\internetfix.wps
[2010/07/26 20:21:33 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\wklnhst.dat
[2010/07/25 19:08:25 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 19:08:25 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 18:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 18:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/25 18:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 18:44:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/25 18:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/25 11:43:25 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 11:40:58 | 000,002,409 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2009/01/31 00:46:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/05 10:31:33 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/03 12:11:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/02 16:54:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/03/02 16:51:49 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/02 16:51:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/02 16:51:49 | 000,009,366 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/02 16:51:49 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/02 16:48:13 | 000,000,275 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/02 16:44:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/02 16:44:43 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/02 16:44:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/02 16:44:43 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/02 16:44:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/02 16:05:27 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2006/03/02 16:05:27 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2006/03/02 15:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/02 14:35:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/02 14:23:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/02 11:45:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 11:03:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/12/08 12:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/11/28 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
l Settings\Temporary Internet Files\Content.IE5\P03WEP5M\topic336293[1].htm moved successfully.
Registry entries deleted on Reboot...

C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\1D22O575\iframe[1].htm moved successfully.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A6F0660 [4] System
0x8A2B5DA0 [112] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation, Intel® PROSet/Wireless Registry Service)
0x8A2D93E8 [156] C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc., Google Installer)
0x8A279BC0 [272] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A2004D0 [284] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A1B8628 [368] C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc., McAfee Services)
0x896DBDA0 [448] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8A199DA0 [612] C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe (McAfee, Inc., McAfee Network Agent)
0x8A175260 [640] C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc., McAfee Proxy Service Module)
0x88F24020 [652] C:\Documents and Settings\Michelle\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x8A192440 [720] C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe (McAfee, Inc., On-Access Scanner service)
0x8A20ADA0 [808] C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc., McAfee Personal Firewall Service)
0x8A329C60 [948] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89273990 [984] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8A1FDA30 [1012] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8A336DA0 [1036] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x89852020 [1080] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A59DDA0 [1092] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8A207268 [1276] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A1D7680 [1344] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A1ABDA0 [1384] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A3DA878 [1508] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation, Intel® PROSet/Wireless Event Log)
0x8A3B5408 [1544] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation , Wireless Management Service)
0x8A254BD8 [1552] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8981BCA8 [1572] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A591DA0 [1656] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A2D7938 [1696] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x8A2EE390 [1700] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x8A1AB518 [1736] C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, Service of ConfigFree.)
0x8A26A510 [1752] C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
0x8A59EBC0 [1764] C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd., DVD-RAM Utility Helper Service)
0x8A58EC08 [1868] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x898F6DA0 [1928] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x8A16D020 [1984] C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)
0x89619BD0 [1992] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x8A1A1568 [2016] C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc., SiteAdvisor)
0x8A2ABDA0 [2044] C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation, ViewMgr)
0x89613580 [2204] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc., Pure Networks Platform Assistant)
0x896DADA0 [2308] C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation, MCRD Device Service)
0x896909E0 [2356] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc., Pure Networks Platform Service)
0x8955EDA0 [2376] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation, SmoothView)
0x89502DA0 [2388] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation, ZeroCfgSvc MFC Application)
0x895B4DA0 [2420] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc., TOSHIBA Hotkey Filter Application)
0x89626B98 [2508] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions, Drive Letter Access Component)
0x892D0638 [2540] C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc., Toshiba Custom PlugIn Application)
0x8A1859F0 [2684] C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc., McAfee SystemGuards Service)
0x892526D0 [2736] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x8922E960 [2788] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8958A020 [2804] C:\WINDOWS\system32\igfxext.exe (Intel Corporation, igfxext Module)
0x896DD598 [2884] C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x89704020 [3120] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x895976F0 [3188] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x8958C850 [3208] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation, TOSHIBA Pinger)
0x8A5E5B98 [3228] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation, igfxTray Module)
0x88D96288 [3248] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8A5E1380 [3252] C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation, Intel 802.1x Server)
0x8958CDA0 [3268] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x8959BAE8 [3272] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
0x89239990 [3400] C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd., CD Burning of Windows XP disabling tool for DVD MULTI Drive)
0x8A22EBC0 [3424] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x894F4020 [3436] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x8A3C3260 [3504] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe (McAfee, Inc., McAfee Integrated Security Platform)
0x8A5E18F0 [3604] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x892D3DA0 [3612] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x8927B020 [3696] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8A0B6948 [3728] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x8A5E1020 [3756] C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation, Intel Framework MFC Application)
0x8960BB98 [3868] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA, CD/DVD Drive Acoustic Silencer)
0x89651A50 [3916] C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)
0x8A5DE020 [4008] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper Module)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB98BB000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xB9A54000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1355776 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA9419000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xA9368000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA9561000 C:\WINDOWS\system32\drivers\CHDAud.sys 598016 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA904E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB96B3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9262000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8894000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA893B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA910B000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xA901B000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xA950D000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB9739000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9804000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8A6C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA734B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA90BE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9833000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB9A18000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA914D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB986F000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xA923B000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA9215000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8F7F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9897000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB97E1000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8051000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA90E9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA953F000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF745C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7403000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA92DF000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8DF9000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8F67000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF741D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB97CA000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8E11000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8DE3000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7434000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA8D69000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xA7E5C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB985B000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9A40000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA92BB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA7C64000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9769000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA92CE000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA6F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7677000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xA9185000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB9C1F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA6E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA86D4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9BCF000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA8C01000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA718000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7567000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA708000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7697000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9205000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA728000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7587000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xB9B9F000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xA7BBC000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7577000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA73D6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF774F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF779F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77E7000 C:\WINDOWS\system32\drivers\qkbfiltr.sys 32768 bytes (Quanta Computer, Inc., qkbfiltr.sys)
0xF77A7000 C:\WINDOWS\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB97C2000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7787000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF776F000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF777F000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF780F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77FF000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7807000 C:\WINDOWS\system32\drivers\pfc.sys 24576 bytes (Padus, Inc., Padus® ASPI Shell)
0xA8FFB000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF778F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB97B2000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7797000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB97AA000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB97A2000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Pure Networks, Inc., NDIS Relay Driver)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7747000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77B7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA8F4F000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8780000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA7CC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8E33000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA8E4B000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA9350000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF792B000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA7E8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA8E2F000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF7937000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB972D000 C:\WINDOWS\system32\DRIVERS\sffdisk.sys 12288 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0xB9731000 C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 12288 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0xBA7C8000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xBA7F8000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xBA7EC000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7A05000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF79B3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79AB000 C:\WINDOWS\system32\drivers\BoiHwSetup.sys 8192 bytes (Quanta Computer Corp, Toshiba HwSetup Driver)
0xF79A7000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79CF000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79C5000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79A3000 C:\WINDOWS\system32\drivers\qmofiltr.sys 8192 bytes (Quanta Computer, Inc., qmofiltr.sys)
0xF79B7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79A9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79A5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7ABC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA914B000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA670000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A85000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: Inline - RelativeJump 0x80573DFB-->A903478E [mfehidk.sys]
ntoskrnl.exe-->NtCreateKey, Type: Inline - RelativeJump 0x80578710-->A9034825 [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805B62C0-->A903473C [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8059056D-->A9034750 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80599783-->A9034839 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x805983A2-->A9034865 [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x8057EC5A-->A90348D3 [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x80594DB6-->A90348BD [mfehidk.sys]
ntoskrnl.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8057A879-->A90347CE [mfehidk.sys]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x805E2166-->A90348FF [mfehidk.sys]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80572BDF-->A9034811 [mfehidk.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x8057F592-->A9034714 [mfehidk.sys]
ntoskrnl.exe-->NtOpenThread, Type: Inline - RelativeJump 0x80584849-->A9034728 [mfehidk.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x8057F1C3-->A90347A2 [mfehidk.sys]
ntoskrnl.exe-->NtQueryKey, Type: Inline - RelativeJump 0x8057E85A-->A903493B [mfehidk.sys]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x80655A23-->A90348A7 [mfehidk.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x80572F19-->A9034891 [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x80655EA2-->A903484F [mfehidk.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x806567FE-->A9034927 [mfehidk.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x80656395-->A9034913 [mfehidk.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x80635C83-->A903477A [mfehidk.sys]
[2788]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E4-->00000000 [aclayers.dll]
[2788]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2788]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010BC-->00000000 [aclayers.dll]
[2788]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2788]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2788]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2788]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2788]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2788]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2788]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2788]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2788]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2788]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2788]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2788]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2788]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2788]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2788]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2788]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x63022BB0-->00000000 [unknown_code_page]
[2788]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302A7D0-->00000000 [unknown_code_page]
[2788]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63075ECF-->00000000 [unknown_code_page]
[2788]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x63023031-->00000000 [unknown_code_page]
[2788]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630014C8-->00000000 [shimeng.dll]
[2788]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x630014CC-->00000000 [aclayers.dll]
[2788]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x63001470-->00000000 [aclayers.dll]
[2788]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x63001430-->00000000 [aclayers.dll]
[2788]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2788]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[2788]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3120]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3120]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3120]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3424]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3424]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3424]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3424]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3424]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3424]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3424]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3424]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3424]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x63022BB0-->00000000 [unknown_code_page]
[3424]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302A7D0-->00000000 [unknown_code_page]
[3424]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63075ECF-->00000000 [unknown_code_page]
[3424]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x63023031-->00000000 [unknown_code_page]
[3424]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630014C8-->00000000 [shimeng.dll]
[3424]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3424]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3696]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3696]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3696]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3696]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3696]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3696]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3696]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3696]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3696]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3696]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3696]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E4-->00000000 [aclayers.dll]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010BC-->00000000 [aclayers.dll]
[3696]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3696]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3696]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3696]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3696]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3696]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3696]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3696]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3696]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3696]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3696]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3696]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3696]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3696]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3696]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[3696]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3696]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x63022BB0-->00000000 [unknown_code_page]
[3696]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x6302A7D0-->00000000 [unknown_code_page]
[3696]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x63075ECF-->00000000 [unknown_code_page]
[3696]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x63023031-->00000000 [unknown_code_page]
[3696]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x630014C8-->00000000 [shimeng.dll]
[3696]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x630014CC-->00000000 [aclayers.dll]
[3696]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x63001470-->00000000 [aclayers.dll]
[3696]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x63001430-->00000000 [aclayers.dll]
[3696]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3696]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3696]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[640]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.exe]
[640]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.exe]










