
Removed AntiMalwareDoctor, now IE & FF redirecting AND BLUE SCREEN OF DEATH! HELP!


This topic is locked
20 replies to this topic

#1 tototo

  • Members
  • 14 posts

Posted 17 August 2010 - 11:13 AM

Hello! I'm a little bit of a fish out of water, so thank you in advance for your time and patience! A week ago I found AntiMalwareDoctor loading itself onto my computer. I used your forums for guidance, using rkill and MalwareBytes to remove it. After several scans nothing has come up since, although I immediately started having the IE and FF redirecting problem (clicking on search engine results and being taken to other random sites, as well as pop-ups showing up randomly). I started down the list of to-dos in the "Preparation Guide For Use Before Using Malware..." and fell asleep last night while running GMER. I awoke to the blue screen of death. I restarted in safe mode with networking (this is very uncharted waters for me). Also to note: we have an older wireless access point router to which our PS3, 2 laptops and Wii were connected, but upon finding similar problems on another laptop, and then our internet all of a sudden shutting down, resetting our Linksys access point router, I disconnected all of them from access. Yesterday one of the cables pulled out of the back of the modem and I ended up just connecting this computer (the safe mode one) directly into the modem. PS: I just saw that my husband took it upon himself to start running a scan with SUPERAntiSpyware; I stopped it and will now attach all logs as the guide says. THANK YOU!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jenn at 16:15:42.70 on 08/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.123 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Jenn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uCustomizeSearch =
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: DeLorme Send To GPS: {fbaad182-3c7a-4bc4-a5e9-207b8e0f02fd} - c:\program files\delorme\sendtogps\PNPluginForIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s
uRun: [EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\windows\temp\E_S53D.tmp" /EF "HKCU"
uRun: [cdloader] "c:\documents and settings\jenn\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Easy Dock]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Easy Dock]
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: MaxRecentDocs = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {41691540-0BFB-4992-9D7D-89D30DD09E9A} - c:\program files\neteraser\NetEraserkey.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: "c:\progra~1\google\google desktop search\GoogleDesktopNetwork3.dll"
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jenn\applic~1\mozilla\firefox\profiles\n6s3n43m.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\jenn\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jenn\application data\move networks\plugins\071801000006\npqmp071801000006.dll
FF - plugin: c:\documents and settings\jenn\application data\mozilla\firefox\profiles\n6s3n43m.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\progra~1\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppnplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-17 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-19 67656]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2004-7-20 45568]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-17 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-17 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-17 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-17 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-19 12872]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]

=============== Created Last 30 ================

2010-08-16 21:59:46 0 ----a-w- c:\documents and settings\jenn\defogger_reenable
2010-08-14 07:25:28 0 d-----w- c:\docume~1\alluse~1\applic~1\MemeoCommon
2010-08-14 05:50:18 0 d-----w- c:\docume~1\jenn\applic~1\MioNet
2010-08-14 05:48:34 0 d-----w- c:\docume~1\jenn\applic~1\WD
2010-08-14 00:49:24 0 d-----w- c:\program files\Picasa2
2010-08-14 00:11:49 0 d-----w- c:\program files\MioNet
2010-08-14 00:09:57 0 d-----w- c:\program files\common files\eSellerate
2010-08-14 00:09:48 0 d-----w- c:\program files\WD
2010-08-14 00:06:39 0 d-----w- c:\program files\Western Digital Corporation
2010-08-13 20:50:04 0 d-----w- c:\program files\Western Digital
2010-08-09 21:05:19 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-08-09 21:05:19 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-08 09:02:10 0 d-----w- c:\docume~1\jenn\applic~1\Malwarebytes
2010-08-08 09:01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 09:01:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-08 09:01:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 09:01:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 05:13:40 0 d-----w- c:\docume~1\jenn\applic~1\B6D14B2BC313CD7C4A4068B393B1E38B
2010-07-18 20:21:54 0 d-----w- c:\docume~1\jenn\applic~1\Mobipocket
2010-07-18 20:19:52 0 d-----w- c:\program files\Mobipocket.com

==================== Find3M ====================

2010-08-10 03:16:44 46 ----a-w- c:\documents and settings\jenn\jagex_runescape_preferences.dat
2010-08-10 03:00:11 99 ----a-w- c:\documents and settings\jenn\jagex_runescape_preferences2.dat
2010-07-15 23:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-21 02:11:09 0 ----a-w- c:\documents and settings\jenn\jagex__preferences3.dat
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2008-12-16 07:06:10 33221800 ----a-w- c:\program files\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2008-05-20 07:44:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051920080520\index.dat

============= FINISH: 16:19:19.78 ===============


DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2004 10:27:51 AM
System Uptime: 08/16/2010 2:03:54 PM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 15.173 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Service: E100B

==== System Restore Points ===================

RP502: 05/18/2010 7:38:26 PM - System Checkpoint
RP503: 05/21/2010 4:06:09 PM - System Checkpoint
RP504: 05/22/2010 8:39:17 PM - System Checkpoint
RP505: 05/25/2010 6:23:24 PM - System Checkpoint
RP506: 05/26/2010 6:00:29 AM - Software Distribution Service 3.0
RP507: 05/27/2010 4:22:06 PM - System Checkpoint
RP508: 05/28/2010 9:49:05 PM - System Checkpoint
RP509: 05/29/2010 10:00:55 PM - System Checkpoint
RP510: 05/31/2010 1:43:11 AM - System Checkpoint
RP511: 06/01/2010 4:15:57 AM - System Checkpoint
RP512: 06/02/2010 8:04:37 PM - System Checkpoint
RP513: 06/04/2010 6:00:35 AM - Software Distribution Service 3.0
RP514: 06/08/2010 6:48:40 PM - System Checkpoint
RP515: 06/12/2010 12:26:07 AM - System Checkpoint
RP516: 06/12/2010 6:02:19 AM - Software Distribution Service 3.0
RP517: 06/13/2010 7:24:19 AM - System Checkpoint
RP518: 06/14/2010 7:28:49 AM - System Checkpoint
RP519: 06/15/2010 7:40:58 AM - System Checkpoint
RP520: 06/16/2010 3:10:13 PM - System Checkpoint
RP521: 06/17/2010 4:21:12 PM - System Checkpoint
RP522: 06/18/2010 11:01:03 PM - System Checkpoint
RP523: 06/20/2010 6:25:14 AM - System Checkpoint
RP524: 06/21/2010 2:30:45 PM - System Checkpoint
RP525: 06/23/2010 6:00:44 AM - Software Distribution Service 3.0
RP526: 06/24/2010 6:00:37 AM - Software Distribution Service 3.0
RP527: 06/25/2010 8:00:07 AM - System Checkpoint
RP528: 06/26/2010 8:25:00 AM - System Checkpoint
RP529: 06/27/2010 3:40:32 PM - System Checkpoint
RP530: 07/03/2010 3:59:05 PM - System Checkpoint
RP531: 07/04/2010 4:00:15 PM - System Checkpoint
RP532: 07/05/2010 5:15:45 PM - System Checkpoint
RP533: 07/08/2010 1:13:09 PM - System Checkpoint
RP534: 07/09/2010 5:12:58 PM - System Checkpoint
RP535: 07/10/2010 9:47:49 PM - System Checkpoint
RP536: 07/12/2010 12:19:12 PM - System Checkpoint
RP537: 07/14/2010 6:01:18 AM - Software Distribution Service 3.0
RP538: 07/17/2010 9:42:38 PM - System Checkpoint
RP539: 07/18/2010 12:19:41 PM - Installed Mobipocket Reader 6.2
RP540: 07/19/2010 3:31:26 PM - System Checkpoint
RP541: 07/20/2010 8:37:30 PM - System Checkpoint
RP542: 07/22/2010 12:56:23 AM - System Checkpoint
RP543: 07/23/2010 6:43:53 AM - System Checkpoint
RP544: 07/24/2010 9:19:24 AM - System Checkpoint
RP545: 07/25/2010 11:49:08 AM - System Checkpoint
RP546: 07/26/2010 1:31:54 PM - System Checkpoint
RP547: 07/27/2010 6:29:51 PM - System Checkpoint
RP548: 07/29/2010 8:53:48 PM - System Checkpoint
RP549: 07/31/2010 1:12:52 AM - System Checkpoint
RP550: 08/07/2010 10:13:02 PM - System Checkpoint
RP551: 08/08/2010 10:17:08 PM - System Checkpoint
RP552: 08/10/2010 3:18:24 AM - System Checkpoint
RP553: 08/10/2010 9:06:44 AM - Removed TurboTax ItsDeductible 2005
RP554: 08/10/2010 9:11:24 AM - Removed TurboTax ItsDeductible 2006
RP555: 08/11/2010 2:17:51 PM - System Checkpoint
RP556: 08/12/2010 2:44:26 PM - System Checkpoint
RP557: 08/13/2010 6:20:18 PM - System Checkpoint

==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Media Player
Adobe Photoshop Elements 4.0
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Advanced WindowsCare Personal
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
ArcSoft Software Suite
AT&T Yahoo! Applications
AutoUpdate
Banctec Service Agreement
Bonjour
Brother MFL-Pro Suite
Buzz Lightyear Astro Blasters
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Data Lifeguard Diagnostic for Windows
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
DeLorme Send To GPS 1.0
Digital Line Detect
Disney Pirates of the Caribbean Online
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EarthLink MDAC
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
Eraser 5.8
Facebook Plug-In
FilmX DICOM LiteBox 2.70 19-Sep-2005
Flickr Uploadr 2.5.0.15
Free Realms
Free Realms Installer
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iConcepts Music Express
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
Macromedia Captivate
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MioNet
Mobipocket Reader 6.2
Modem Helper
Move Media Player
Mozilla Firefox (3.6.8)
MSSoap
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
NetEraser V1.3
Nikon Message Center
OverDrive Media Console
PaperPort
PC Registry Cleaner v3.0
Pdf995
PhotoMix 5.3
PhotoSuite 4 (Remove Only)
Picasa 2
PictureProject
PowerDVD
QuickTime
RCA Detective™ 2.0.0.99
RCA easyRip 2.3.9.0
RCA easyRip™ 1.4.5.0
RCA Updater 1.0.4.0
Roxio PhotoSuite 5
SBC Yahoo! DSL Activation
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SimCoaster
Skype™ 3.5
Sonic DLA
Sonic RecordNow!
SUPERAntiSpyware Free Edition
TurboTax 2005
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Uniblue SpeedUpMyPC 3
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD Anywhere Backup
WD Drive Manager (x86)
WebFldrs XP
WexTech AnswerWorks
Window Washer
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

08/16/2010 10:42:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
08/16/2010 10:42:33 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/15/2010 11:35:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
08/15/2010 11:35:23 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/14/2010 10:44:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Real-time Scanner service, but this action failed with the following error: An instance of the service is already running.
08/13/2010 9:57:33 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/13/2010 6:04:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00400582BDEC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
08/13/2010 12:37:38 AM, error: Service Control Manager [7034] - The EPSON V5 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
08/13/2010 12:37:38 AM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
08/10/2010 1:50:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440
08/10/2010 1:49:41 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
08/10/2010 1:49:41 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
08/10/2010 1:49:41 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The system cannot find the file specified.
08/09/2010 1:05:19 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wiafbdrv.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-16 23:51:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jenn\LOCALS~1\Temp\pxldypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB8F0E620]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB6BAA78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB6BAA821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB6BAA738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB6BAA74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB6BAA835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB6BAA861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB6BAA8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB6BAA8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB6BAA7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB6BAA8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB6BAA80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB6BAA710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB6BAA724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB6BAA79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB6BAA937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB6BAA8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB6BAA88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB6BAA84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB6BAA923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB6BAA90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB6BAA776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB6BAA762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB6BAA877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6BAA7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB6BAA8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB6BAA7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB6BAA7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B6BAA7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP B6BAA811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP B6BAA891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP B6BAA78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP B6BAA766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP B6BAA825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP B6BAA93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP B6BAA8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP B6BAA714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP B6BAA7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP B6BAA87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP B6BAA7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP B6BAA7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B6BAA750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP B6BAA7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP B6BAA8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP B6BAA728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP B6BAA8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP B6BAA865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP B6BAA839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP B6BAA73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP B6BAA77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP B6BAA8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP B6BAA8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP B6BAA84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP B6BAA913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP B6BAA927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0098
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0087
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF006C
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00CB
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00BA
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F68
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00F7
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0112
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF00A9
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\services.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00E6
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FBC
.text C:\WINDOWS\system32\services.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[592] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[592] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[592] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00040014
.text C:\WINDOWS\system32\services.exe[592] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0004002F
.text C:\WINDOWS\system32\services.exe[592] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01060000
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01060F92
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01060FA3
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01060FB4
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0106007D
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01060047
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01060F3F
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01060F5C
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01060EF8
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01060F13
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010600AC
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0106006C
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01060011
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01060F77
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01060FE5
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01060036
.text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01060F24
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01050FB9
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01050040
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01050FCA
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01050F8D
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01050FE5
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01050025
.text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01050F9E
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF004C
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FB7
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FC8
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF001D
.text C:\WINDOWS\system32\lsass.exe[604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\lsass.exe[604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\lsass.exe[604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[604] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\lsass.exe[604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\lsass.exe[604] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FD0FB2
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024F0FEF
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 024F0F41
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 024F0F5C
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 024F0F77
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 024F0F94
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 024F0040
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024F0062
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024F0F26
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 024F0EEE
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 024F0EFF
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 024F0ED3
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 024F0FB9
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 024F0014
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 024F0051
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 024F0FD4
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 024F0025
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 024F007D
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024E0F9E
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024E0F68
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024E0FB9
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024E0FDE
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024E0F79
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024E0FEF
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 024E0025
.text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024E0014
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024D005D
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!system 77C293C7 5 Bytes JMP 024D0FD2
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024D0FE3
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024D0000
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024D0038
.text C:\WINDOWS\system32\svchost.exe[756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024D001D
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 024B0FEF
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 024B000A
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 024B0FD4
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 024B0FC3
.text C:\WINDOWS\system32\svchost.exe[756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E5006A
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F75
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50F86
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50F97
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E5002F
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E500B1
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50096
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E500E7
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50F4E
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50F3D
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50FB2
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50085
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50FC3
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E500C2
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40087
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40FDB
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40076
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E40051
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E30029
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30FCD
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30018
.text C:\WINDOWS\system32\svchost.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[820] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[820] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\svchost.exe[820] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\svchost.exe[820] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E10040
.text C:\WINDOWS\system32\svchost.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03A40000
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03A40051
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03A40F5C
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03A40040
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03A40F8D
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03A4001B
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03A40093
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03A40F4B
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03A40F15
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03A40F26
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03A400C9
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03A40F9E
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03A40FE5
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03A40076
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03A40FAF
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03A40FCA
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03A400A4
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03A30025
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03A30040
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03A30014
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03A30FDE
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03A30F83
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03A30FEF
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03A30F9E
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C3, 8B]
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03A30FC3
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02F8000A
.text C:\WINDOWS\System32\svchost.exe[888] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03A20055
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!system 77C293C7 5 Bytes JMP 03A20044
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03A20FD4
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03A20000
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03A20029
.text C:\WINDOWS\System32\svchost.exe[888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03A20FEF
.text C:\WINDOWS\System32\svchost.exe[888] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03760FEF
.text C:\WINDOWS\System32\svchost.exe[888] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03760FDE
.text C:\WINDOWS\System32\svchost.exe[888] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03760014
.text C:\WINDOWS\System32\svchost.exe[888] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0376002F
.text C:\WINDOWS\System32\svchost.exe[888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03770FEF
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D50089
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D50078
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D50067
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D50F9E
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D50FB9
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D50F57
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D50F68
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D500E6
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D500CB
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D50F32
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D50040
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D50FD4
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D50F83
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D5001B
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D5000A
.text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D500BA
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D4004A
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D4002F
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D40FC3
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D40065
.text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D40FDE
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D30F97
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D3002C
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D30FC6
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D30000
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D3001B
.text C:\WINDOWS\System32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D30FE3
.text C:\WINDOWS\System32\svchost.exe[1084] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[1084] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\System32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001B0014
.text C:\WINDOWS\System32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D2000A
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE008A
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0F8B
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0065
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0FA8
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE002F
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0F42
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F5F
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE00A5
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0F16
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0EF1
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE004A
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE0FDE
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE0F70
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE001E
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0FC3
.text C:\WINDOWS\System32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE0F31
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DD0036
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DD0062
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DD0025
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DD000A
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DD0FA5
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DD0047
.text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DD0FC0
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC0F7A
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0F8B
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0FB7
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0F9C
.text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0FD2
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\System32\svchost.exe[1432] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00DB0FC3
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0082
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0F83
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F94
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FA5
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0F4B
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0093
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F29
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD00C2
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0F18
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0047
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD001B
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD0F68
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD0036
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\System32\svchost.exe[1468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD0F3A
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FC3
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0039
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0014
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F86
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0F97
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 88]
.text C:\WINDOWS\System32\svchost.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FB2
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0031
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0020
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FB7
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0FA6
.text C:\WINDOWS\System32\svchost.exe[1468] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\System32\svchost.exe[1468] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\System32\svchost.exe[1468] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\System32\svchost.exe[1468] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BA0014
.text C:\WINDOWS\System32\svchost.exe[1468] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\System32\svchost.exe[1468] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\explorer.exe[2192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\explorer.exe[2192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\explorer.exe[2192] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BB000C
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002C0025
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002C0040
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002C000A
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002C0F8D
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002C0F9E
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4C, 88]
.text C:\WINDOWS\explorer.exe[2192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002C0FB9
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D0053
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0038
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D0FE3
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0000
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D0FD2
.text C:\WINDOWS\explorer.exe[2192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D001D
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[2512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AB0000
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01AB005B
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01AB0F70
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01AB0F8D
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01AB004A
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AB0FC3
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01AB009D
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01AB0080
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AB00BF
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AB00AE
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01AB0F15
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AB0FA8
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AB0FEF
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01AB0F55
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01AB0FD4
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01AB0025
.text C:\WINDOWS\Explorer.EXE[2512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01AB0F30
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01AA0025
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01AA004A
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01AA0FD4
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01AA0FEF
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01AA0F8D
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01AA000A
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01AA0F9E
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CA, 89]
.text C:\WINDOWS\Explorer.EXE[2512] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01AA0FB9
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01A80031
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!system 77C293C7 5 Bytes JMP 01A80FA6
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01A80FD2
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01A80FEF
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01A80FC1
.text C:\WINDOWS\Explorer.EXE[2512] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01A8000C
.text C:\WINDOWS\Explorer.EXE[2512] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01A60000
.text C:\WINDOWS\Explorer.EXE[2512] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01A60FE5
.text C:\WINDOWS\Explorer.EXE[2512] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01A60FD4
.text C:\WINDOWS\Explorer.EXE[2512] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01A6001B
.text C:\WINDOWS\Explorer.EXE[2512] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A70FEF
.text C:\Program Files\Mozilla Firefox\firefox.exe[2560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2560] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{0F9BDEBA-F103-05D2-72A5-9EB2CCDC519B}\LdkzljVxdv@ P
Reg HKLM\SOFTWARE\Classes\CLSID\{0F9BDEBA-F103-05D2-72A5-9EB2CCDC519B}\lpxxottixF@ MeCFhdnUAs?ePhYWgqxk
Reg HKLM\SOFTWARE\Classes\CLSID\{0F9BDEBA-F103-05D2-72A5-9EB2CCDC519B}\swnyq@ urrjYBqBvn?B_T`n^|
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ C:\WINDOWS\System32\quartz.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\InprocServer32@ C:\Program Files\Microsoft Office\Office10\MIMEDIR.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\InprocServer32@InprocServer32 C84DVn-}f(YR]eAR6.jiOUTLOOKNonBootFiles>6&*tLlfnf(?Q)L[lj+'(?
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\ProgID@ MimeDir.MimeDirParser.1
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\VersionIndependentProgID@ MimeDir.MimeDirParser

---- EOF - GMER 1.0.15 ----

*update* I left out of town and my ADHD husband ran malwarebytes & Superantispyware and attempted to delete other software we no longer use. He said SuperAntiSpyware found lots of things and he deleted them.

I also forgot to mention a few things above due to all the other things overwhelming me: I couldn't change or access my desktop background picture nor the option of screensavers. And McAfee Virus Protection was slowly being disabled; it said it needed to be removed & reinstalled. My husband removed it but did NOT reinstall yet (I've banned him from the computer at this point). Today I turned on the computer (disconnected from DSL modem) and found the AntiMalware doctor in the start menu again (?!?). It hasn't come up in the malwarebytes or Superantispyware scans. Again, I VERY much appreciate ALL that you guys do as I know you are extremely busy! I look forward to your suggestions; have a great day!

EDIT: Posts merged ~BP

Edited by Budapest, 23 August 2010 - 04:46 PM.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:23 AM

Posted 25 August 2010 - 05:02 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft


#3 tototo

tototo
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:23 PM

Posted 26 August 2010 - 02:50 PM

Just letting you know I received this and I'm going through the processes you listed right now- will post asap. And THANK YOU THANK YOU THANK YOU for your time as I know you are busy!
~Jen

#4 tototo

tototo
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:23 PM

Posted 26 August 2010 - 03:26 PM

As for history- all is in the beginning and end of my original post (end was an update). The only thing I forgot to add in the "end" is that it seems as if someone took a black box and put it over my background wallpaper leaving about an inch of the top of the picture showing. The rest is in the original post! Here we go! Thanks again!

OTL logfile created on: 08/26/2010 12:42:22 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jenn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 15.71 Gb Free Space | 21.10% Space Free | Partition Type: NTFS
Drive D: | 0.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jenn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 12:41:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jenn\Desktop\OTL.exe
PRC - [2010/08/13 21:48:16 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/26 19:25:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/07 11:20:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/11/07 11:20:06 | 001,344,736 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/09/17 14:52:00 | 000,139,264 | R--- | M] () -- C:\Program Files\MioNet\MioNetManager.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/06/03 10:29:58 | 009,442,584 | ---- | M] (Uniblue Software) -- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 11:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/07/12 00:22:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\MioNet\jvm\bin\MioNet.exe
PRC - [2007/02/20 17:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2007/01/10 11:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 12:41:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jenn\Desktop\OTL.exe
MOD - [2008/04/13 16:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2010/08/14 17:48:14 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/07 11:20:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/09/17 14:52:00 | 000,139,264 | R--- | M] () [Auto | Running] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/07/23 12:25:17 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/12/16 11:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 11:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/04 14:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/09/09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2003/03/03 10:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2010/08/13 21:48:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/08/13 21:48:00 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/13 21:47:57 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2008/07/23 08:50:48 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/07/23 08:50:48 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/01/25 07:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\whfltr2k.sys -- (whfltr2k)
DRV - [2006/12/05 15:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 21:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 21:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 21:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 21:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 21:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 21:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 21:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 21:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 21:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 21:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 21:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/11/17 12:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 12:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 12:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/19 15:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 02:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2002/08/29 02:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2002/06/23 13:31:20 | 000,045,568 | R--- | M] (D-Link Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLKRTS.SYS -- (DLKRTS)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 09:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 08:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 19:26:27 | 000,000,000 | ---D | M]

[2009/11/08 06:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenn\Application Data\Mozilla\Extensions
[2009/04/20 14:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenn\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/26 11:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenn\Application Data\Mozilla\Firefox\Profiles\n6s3n43m.default\extensions
[2010/05/14 15:06:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jenn\Application Data\Mozilla\Firefox\Profiles\n6s3n43m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/24 02:28:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Jenn\Application Data\Mozilla\Firefox\Profiles\n6s3n43m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/19 22:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 13:31:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/14 13:30:31 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/02 10:17:14 | 000,107,816 | ---- | M] (DeLorme) -- C:\Program Files\Mozilla Firefox\plugins\nppnplugin.dll

O1 HOSTS File: ([2008/10/09 08:33:51 | 000,001,644 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 127.0.0.1 new #ad
O1 - Hosts: 26 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe ()
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\Run: [cdloader] C:\Documents and Settings\Jenn\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\Run: [Easy Dock] File not found
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software)
O4 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 1
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: NetEraser v1.0 - {41691540-0BFB-4992-9D7D-89D30DD09E9A} - C:\Program Files\NetEraser\NetEraserkey.exe ()
O9 - Extra 'Tools' menuitem : NetEraser - {41691540-0BFB-4992-9D7D-89D30DD09E9A} - C:\Program Files\NetEraser\NetEraserkey.exe ()
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2541863738-3544271049-2167255471-1009\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pool 2 http://origin.games.yahoo.net/games/clients/y/poti_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: ("C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 05:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16c045d0-a5b1-11de-a62d-00038a000015}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{16c045d0-a5b1-11de-a62d-00038a000015}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{16c045d0-a5b1-11de-a62d-00038a000015}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{16c045d0-a5b1-11de-a62d-00038a000015}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{16c045d0-a5b1-11de-a62d-00038a000015}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a5c4754e-d150-11dd-a5ec-00038a000015}\Shell\AutoRun\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a5c4754e-d150-11dd-a5ec-00038a000015}\Shell\install\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a5c4754e-d150-11dd-a5ec-00038a000015}\Shell\usermanualEnglish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a5c4754e-d150-11dd-a5ec-00038a000015}\Shell\usermanualFrench\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a5c4754e-d150-11dd-a5ec-00038a000015}\Shell\usermanualSpanish\command - "" = G:\rcaeasyrip_setup.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 12:41:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jenn\Desktop\OTL.exe
[2010/08/16 22:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Desktop\gmer
[2010/08/13 23:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/08/13 21:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Application Data\MioNet
[2010/08/13 21:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Application Data\WD
[2010/08/13 16:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/13 16:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\My Documents\My Google Gadgets
[2010/08/13 16:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2010/08/13 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/13 16:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Local Settings\Application Data\MioNet
[2010/08/13 16:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\MioNet
[2010/08/13 16:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/08/13 16:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Local Settings\Application Data\temp
[2010/08/13 16:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/08/13 16:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\WD
[2010/08/13 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2010/08/13 12:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/08/09 22:13:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jenn\Recent
[2010/08/09 13:05:19 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2010/08/09 13:05:19 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/08/08 01:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenn\Application Data\Malwarebytes
[2010/08/08 01:01:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/08 01:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/08 01:01:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/08 01:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/08 00:57:33 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jenn\Desktop\mbam-setup.exe
[2010/08/07 15:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\quhdruicv
[2010/07/28 08:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/28 08:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 12:42:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\RKUnhookerLE.EXE
[2010/08/26 12:41:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jenn\Desktop\OTL.exe
[2010/08/26 10:54:03 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F15C4E6-2A51-4BF3-A684-4B026CAF4CC7}.job
[2010/08/26 10:51:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/26 10:51:34 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/08/26 10:51:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/26 10:51:31 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 11:31:49 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Jenn\NTUser.dat
[2010/08/23 11:31:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jenn\NTUSER.INI
[2010/08/23 11:31:38 | 008,609,228 | -H-- | M] () -- C:\Documents and Settings\Jenn\Local Settings\Application Data\IconCache.db
[2010/08/20 09:55:14 | 000,384,064 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\ATT_SST.exe
[2010/08/16 22:16:59 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\gmer.zip
[2010/08/16 14:49:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\dds.scr
[2010/08/16 13:59:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jenn\defogger_reenable
[2010/08/16 13:57:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\Defogger.exe
[2010/08/15 11:44:04 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\magicJack.lnk
[2010/08/14 03:55:14 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Jenn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/13 18:04:42 | 000,423,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 16:53:06 | 000,110,208 | ---- | M] () -- C:\Documents and Settings\Jenn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/13 16:48:01 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/08/13 16:12:50 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\Start MioNet.lnk
[2010/08/13 16:10:30 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WD Anywhere Backup.lnk
[2010/08/13 03:04:27 | 000,757,760 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\BEFW11S4-v2_v1.45.10_fw.bin
[2010/08/13 00:36:01 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\rkill.scr
[2010/08/12 08:50:25 | 000,432,138 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\5challenges_yr2.jpg
[2010/08/12 08:49:45 | 000,404,964 | ---- | M] () -- C:\Documents and Settings\Jenn\Desktop\5challenges_new.jpg
[2010/08/10 13:25:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/09 19:16:44 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Jenn\jagex_runescape_preferences.dat
[2010/08/09 19:00:11 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Jenn\jagex_runescape_preferences2.dat
[2010/08/09 18:32:03 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/08/08 01:01:51 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 00:57:34 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jenn\Desktop\mbam-setup.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 12:42:51 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\RKUnhookerLE.EXE
[2010/08/23 10:47:37 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/20 09:55:08 | 000,384,064 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\ATT_SST.exe
[2010/08/16 22:16:52 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\gmer.zip
[2010/08/16 14:48:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\dds.scr
[2010/08/16 13:59:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jenn\defogger_reenable
[2010/08/16 13:57:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\Defogger.exe
[2010/08/13 16:48:01 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/08/13 16:12:50 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\Start MioNet.lnk
[2010/08/13 16:10:30 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WD Anywhere Backup.lnk
[2010/08/13 03:04:27 | 000,757,760 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\BEFW11S4-v2_v1.45.10_fw.bin
[2010/08/13 00:36:00 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\rkill.scr
[2010/08/12 08:50:21 | 000,432,138 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\5challenges_yr2.jpg
[2010/08/12 08:49:42 | 000,404,964 | ---- | C] () -- C:\Documents and Settings\Jenn\Desktop\5challenges_new.jpg
[2010/08/08 01:01:51 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 17:50:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/16 17:48:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF500.ini
[2009/10/11 16:28:14 | 000,000,776 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini
[2008/12/15 23:06:07 | 033,221,800 | ---- | C] () -- C:\Program Files\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
[2008/11/14 23:43:14 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/14 23:43:14 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/14 23:37:50 | 000,000,285 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/14 23:37:50 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/14 23:30:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/23 08:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 08:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 08:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 08:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/24 18:56:05 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/31 18:29:03 | 000,028,747 | ---- | C] () -- C:\WINDOWS\System32\KMemoryMMX.dll
[2007/12/31 18:29:03 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\KMemory.dll
[2007/12/31 18:29:03 | 000,020,546 | ---- | C] () -- C:\WINDOWS\System32\KMemoryC.dll
[2007/12/31 18:29:02 | 000,024,653 | ---- | C] () -- C:\WINDOWS\System32\KMemoryPIII.dll
[2007/12/31 18:28:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2007/12/31 18:28:24 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2007/12/31 18:28:23 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2007/12/31 18:28:22 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2007/12/31 18:28:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2007/09/12 09:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/08/24 21:35:26 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2007/01/25 07:45:02 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2006/11/09 20:18:09 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/09 20:18:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/13 11:13:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\PCRCVersion.ini
[2006/07/05 15:29:40 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2005/12/28 16:22:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/12/21 23:48:51 | 000,005,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypinfo.bin
[2005/11/28 18:10:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/28 18:10:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/29 19:31:25 | 000,077,284 | ---- | C] () -- C:\WINDOWS\System32\mlre2x32.dll
[2005/08/23 20:22:00 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Jenn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/07 12:53:18 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/04/25 17:17:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Adpcm_T32.dll
[2005/02/21 19:57:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Gnucleus.INI
[2005/01/27 13:52:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\wstdsock.dll
[2004/07/20 15:44:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/07/17 21:06:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/07/17 21:04:16 | 000,127,026 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/07/17 21:04:16 | 000,048,936 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2004/07/15 14:22:44 | 000,001,798 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/07/14 19:39:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/07/10 12:47:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/07/10 12:06:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2004/07/10 10:28:50 | 000,000,678 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/07/01 04:18:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/01 04:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/01 04:05:45 | 000,000,181 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/01 04:00:48 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/01 03:46:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/01 03:46:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/01 03:31:14 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/26 13:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/22 19:06:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/02/05 08:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/17 13:20:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[1979/12/31 21:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08948D52
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >



OTL Extras logfile created on: 08/26/2010 12:42:22 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jenn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

510.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 15.71 Gb Free Space | 21.10% Space Free | Partition Type: NTFS
Drive D: | 0.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFER
Current User Name: Jenn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2541863738-3544271049-2167255471-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\browser\ybrowser.exe" = C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser -- (Yahoo!, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" = C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe:*:Enabled:Spy Sweeper -- File not found
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- ()
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Jenn\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jenn\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Enabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochure
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{094FABA0-4865-11D4-95B6-000103485DB6}" = SimCoaster
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.0
"{104AACDE-D771-425F-88A4-1E613AC16F29}" = Macromedia Captivate
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{53AF3638-DDB4-4755-B3DC-259981689DB7}" = MioNet
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F626E006-C06C-466A-B133-92C1991385CA}" = ArcSoft Print Creations
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"Buzz Lightyear Astro Blasters" = Buzz Lightyear Astro Blasters
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Digital Editions" = Adobe Digital Editions
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"FilmX DICOM LiteBox 2.70 19-Sep-2005_is1" = FilmX DICOM LiteBox 2.70 19-Sep-2005
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"Free Realms Installer" = Free Realms Installer
"Google Desktop" = Google Desktop
"IDNMitigationAPIs"

#5 tototo

Posted 26 August 2010 - 03:29 PM

Sorry, computer kept saying connection reset so I didn't think my post had gone through, SORRY for the repeats!!!!

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:23 AM

Posted 26 August 2010 - 04:14 PM

No problem, this is most likely due to the infection you are facing here. Please post me the RKU log in a separate post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 tototo

Posted 26 August 2010 - 10:29 PM

Here you go- thank you!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xB76CB000 C:\WINDOWS\system32\DRIVERS\VX3000.sys 1957888 bytes (Microsoft Corporation, Microsoft LifeCam VX3000 Device Driver)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF73D8000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF724A000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF71A3000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7101000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF86CB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEC63C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7057000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEC743000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1B5C000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB13D6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF736C000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xEC609000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF87E9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1C53000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF869E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0FC0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEC6AC000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEC71B000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEC5E3000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF70DD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF73A0000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7349000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEC6F9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xEC6D7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8781000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF87B9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8684000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF87A1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8758000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF70C6000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB1CA8000 C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB17D7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF718F000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF73C4000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEC79C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF876F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF87D8000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF70B5000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB1CBE000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7EAA000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB1D1F000 C:\WINDOWS\System32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF7ECA000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7E8A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7E9A000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB19AC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF505F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF88E8000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB894E000 C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF8878000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8988000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7E7A000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF506F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF8858000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8978000 C:\WINDOWS\System32\DRIVERS\DLKRTS.SYS 49152 bytes (D-Link Corporation , D-Link DFE-530TX+ PCI Adapter )
0xF7E5A000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8898000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF500F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7EBA000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8848000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7E6A000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8838000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF88C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7E3A000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8868000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF547D000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8968000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7E4A000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF503F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB1A0C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8888000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF4FFF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8B10000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF51D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEBBD2000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8B08000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8B18000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEBBCA000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8AB8000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8B28000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8B20000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8B50000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF51A8000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF8B00000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF6463000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8B48000 C:\WINDOWS\System32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF645B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8B58000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8AC0000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8B38000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8B40000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8B30000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB2585000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF864F000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF8CDC000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF52A8000 C:\WINDOWS\System32\Drivers\NDISRD.SYS 16384 bytes (NT Kernel Resources, NDISRD helper driver)
0xEC26E000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8637000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8C48000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2AB8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6750000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6738000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB1C17000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF6758000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF862B000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8633000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF52AC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF52A4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF8D8C000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF8DD0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8DCE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8D38000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8DD2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB305A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8DD4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8D8E000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8DC6000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8D3A000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8F19000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF527E000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF527D000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xB22BF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF527C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8E00000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x832E8AEA ?_empty_? 1302 bytes
0x832E8EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8335C488 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF87A1000 WARNING: suspicious driver modification [atapi.sys::0x832E8AEA]
0x058D0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 1077248 bytes
0x05870000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 126976 bytes
0x03690000 Hidden Image-->System.XML.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 2060288 bytes
0x04A00000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 266240 bytes
0x04750000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 270336 bytes
0x05C80000 Hidden Image-->log4net.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 282624 bytes
0x04420000 Hidden Image-->System.Data.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 2961408 bytes
0x04540000 Hidden Image-->System.Data.dll [ EPROCESS 0x82C007D0 ] PID: 1640, 2961408 bytes
0x04F50000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 307200 bytes
0x038C0000 Hidden Image-->System.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 3190784 bytes
0x01110000 Hidden Image-->Interop.eWebControl.dll [ EPROCESS 0x82C007D0 ] PID: 1640, 36864 bytes
0x05C50000 Hidden Image-->Interop.Outlook.dll [ EPROCESS 0x82C007D0 ] PID: 1640, 405504 bytes
0xF8838000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
0x067D0000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 421888 bytes
0x03620000 Hidden Image-->System.configuration.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 438272 bytes
0x01380000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 471040 bytes
0x04840000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 479232 bytes
0x061D0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 479232 bytes
0x051A0000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 5033984 bytes
0x012F0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 53248 bytes
0x056F0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 634880 bytes
0x01330000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 77824 bytes
0x04E30000 Hidden Image-->SQLite.NET.dll [ EPROCESS 0x82C007D0 ] PID: 1640, 77824 bytes
0x04350000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x82C86D00 ] PID: 1648, 778240 bytes
0x03590000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 86016 bytes
0x06030000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x82C86D00 ] PID: 1648, 872448 bytes
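As an added example (not code from this thread, from RKU, or from BleepingComputer), here is a small Python triage script for the RKU log format shown above: it parses the Drivers and Stealth sections, checks whether each "Hidden driver" address lies inside any listed driver image, ties each WARNING line back to the hidden driver it names after "::", and groups the user-mode "Hidden Image" entries by PID for separate review. The embedded sample is a constructed excerpt of the log posted above (kernel findings kept, most driver lines dropped).

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a condensed excerpt in the same layout as the RKU log
# posted above (kernel findings kept, most driver lines dropped); not a real capture.
SAMPLE_LOG = r"""
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0xF87A1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8838000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
!!!!!!!!!!!Hidden driver: 0x832E8AEA ?_empty_? 1302 bytes
0x832E8EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8335C488 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF87A1000 WARNING: suspicious driver modification [atapi.sys::0x832E8AEA]
0x058D0000 Hidden Image-->System.XML.dll [ EPROCESS 0x82C86D00 ] PID: 1648, 2060288 bytes
0xF8838000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
0x04E30000 Hidden Image-->SQLite.NET.dll [ EPROCESS 0x82C007D0 ] PID: 1640, 77824 bytes
"""

_HEX = r"(0x[0-9A-Fa-f]+)"
DRIVER_RE = re.compile(rf"^{_HEX}\s+(.+?)\s+(\d+) bytes")              # base, name/path, size
HIDDEN_DRV_RE = re.compile(rf"^!+Hidden driver:\s+{_HEX}\s+(\S+)\s+(\d+) bytes")
WARNING_RE = re.compile(rf"^{_HEX}\s+WARNING:\s+(.+?)\s+\[([^\]]+)\]")   # '[mod::addr]' or '[mod]'
HIDDEN_IMG_RE = re.compile(
    rf"^{_HEX}\s+Hidden Image-->(\S+)\s+\[ EPROCESS {_HEX} \] PID: (\d+), (\d+) bytes")

Module = namedtuple("Module", "base name size")          # loaded, hidden, or IRP-handler entry
Warn = namedtuple("Warn", "address text module target")  # target: address after '::', or None
Image = namedtuple("Image", "address name pid size")     # user-mode 'Hidden Image' entry


def parse_rku_log(text):
    """Split an RKU log into drivers, hidden drivers, IRP handlers, warnings, hidden images."""
    rep = {k: [] for k in ("drivers", "hidden_drivers", "irp_handlers", "warnings", "hidden_images")}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(">"):                      # section header: '>Drivers', '>Stealth'
            section = line[1:]
        elif (m := HIDDEN_DRV_RE.match(line)):
            rep["hidden_drivers"].append(Module(int(m[1], 16), m[2], int(m[3])))
        elif (m := WARNING_RE.match(line)):
            mod, _, tgt = m[3].partition("::")
            rep["warnings"].append(Warn(int(m[1], 16), m[2], mod, int(tgt, 16) if tgt else None))
        elif (m := HIDDEN_IMG_RE.match(line)):
            rep["hidden_images"].append(Image(int(m[1], 16), m[2], int(m[4]), int(m[5])))
        elif section == "Drivers" and (m := DRIVER_RE.match(line)):
            kind = "irp_handlers" if m[2] == "unknown_irp_handler" else "drivers"
            rep[kind].append(Module(int(m[1], 16), m[2], int(m[3])))
    return rep


def owning_module(rep, addr):
    """Name of the listed driver whose image range [base, base+size) covers addr, else None."""
    for base, name, size in rep["drivers"]:
        if base <= addr < base + size:
            return name
    return None


def hidden_images_by_pid(rep):
    """User-mode 'Hidden Image' entries counted per PID; these need manual review and are
    a weaker signal than the kernel findings (in the log above they are .NET assemblies)."""
    return dict(Counter(img.pid for img in rep["hidden_images"]))


def kernel_findings(rep):
    """Kernel-level findings in log order: hidden drivers (and whether their address lies
    inside any listed driver image), stray IRP handlers, and WARNING lines, each tied back
    to the hidden driver it names after '::'."""
    out = []
    hidden = {h.base for h in rep["hidden_drivers"]}
    for h in rep["hidden_drivers"]:
        owner = owning_module(rep, h.base)
        where = f"inside {owner}" if owner else "outside every listed driver image"
        out.append(f"hidden driver {h.name} at {h.base:#x} ({h.size} bytes), {where}")
    for h in rep["irp_handlers"]:
        out.append(f"unknown IRP handler at {h.base:#x} ({h.size} bytes)")
    for w in rep["warnings"]:
        tail = "" if w.target is None else (
            f", points at {w.target:#x}" + (" (a hidden driver)" if w.target in hidden else ""))
        out.append(f"{w.module} at {w.address:#x}: {w.text}{tail}")
    return out


if __name__ == "__main__":
    report = parse_rku_log(SAMPLE_LOG)
    for finding in kernel_findings(report):
        print(finding)
    print("hidden images by PID:", hidden_images_by_pid(report))
```

On the sample, both hidden drivers fall outside every listed driver image, and the atapi.sys warning is linked to the first of them, which is the pattern Elise reads as a rootkit in the next post.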


#8 Elise

Posted 27 August 2010 - 06:05 AM

Hi, unfortunately you are infected with a nasty rootkit.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise

#9 tototo

Posted 27 August 2010 - 08:47 PM

Hi Elise-

Truthfully this was my biggest fear. I know you are overbooked and I'm EXTREMELY appreciative that you are helping me!! But I'm hoping you don't mind if I ask two questions even though I know you may not be able to answer them-

1. Is there a way to tell the date or time frame of when that particular backdoor trojan infected that computer (what is it called)?

2. Because that infected computer was the main computer hosting the DSL modem and an older Linksys Wireless Access Point Router (which then had 2 laptops, a PS 3 and a Wii that wirelessly connected through that router for internet access through the DSL modem), is it possible that any of those items may be infected as well? Would it be ok to go ahead and post the "logs" of JUST 1 laptop (I'm currently on) in this thread just to make sure it isn't infected?

I guess that was technically 3 questions, sorry. Admittedly, I'm in a predicament of sorts aside from this one (possibly needing to relocate unexpectedly within the next few days) and this will be the only electronic item I can take. I can have the logs/reports all posted by this evening if needed- Sorry to put this out there for all to read, I guess I'm relying on miracles of strangers these days. Thank you in advance for your time either way- I very much appreciate this! Oh, and to finalize about the confirmed infected computer, I will be reformatting it, hopefully I can figure it out! Thank you again!!!



#10 Elise

Posted 28 August 2010 - 03:59 AM

No problem, if I was "overbooked", I wouldn't have replied to your topic.

It's hard to say when exactly you got infected, however, you can reasonably say: from the moment you got the problems as described in your first post.

> After several scans nothing has come up since although I immediately started having the IE and FF redirecting problem

This particular rootkit doesn't spread to computers it connects to, however, it may invite friends so it's difficult to say. I would monitor all other computers for unusual behaviour and run a scan with something like MBAM there.

If the laptop you are on now is running fine, there is no need to post a log for it; this rootkit doesn't show up in logs like OTL, only on certain rootkit scanners. This is also the reason that all scanners you ran beforehand did not pick up a thing.

I hope this answers your questions.

regards, Elise

#11 tototo

Posted 07 September 2010 - 04:54 PM

Hi Elise- Sorry it has been a while. I have some somewhat serious issues and may be moving suddenly, this has been preventing me from being able to get back to this particular issue. About this laptop, I am and have experienced some of the same symptoms and even just yesterday SpybotSD popped up suddenly saying it caught a keylogger. We were having redirect issues back when our Dell desktop (original infected computer) was also having them, but haven't had them since I ran scans. My background picture has been weird, computer is running ridiculously slow, had a "blue screen moment" as well but it flickered off so quickly that I couldn't catch what it said- this happened while running MBAM. The computer shut down and restarted in safe mode. I have been trying to run MBAM, SpybotSD, SuperAntiSpyware and Avast regularly and while they sometimes find things, I continue with odd symptoms. Another ongoing symptom is when I go to turn off the laptop and it says "Other users are logged onto this computer, shutting down will cause them to lose..." and we only have one account on this laptop. So, would this be of concern also? I appreciate your time in advance-- I look forward to hearing from you!
~Jen

PS Also forgot to mention, I bought a Passport Elite External to back up my Dell desktop when it began having problems- when it was installing all of its features, one of the malware programs came up detecting some kind of known malware, sorry I can't remember that far back what it was exactly. Yesterday, I used the same external hard drive and plugged it into this laptop to begin a backup process as well. The main screen came up but I hadn't started the process- a few minutes later is when the "keylogger" was detected and stopped by Spybot. Could my external HD be infected??? Thank you again, I really do appreciate this!

#12 Elise

Posted 08 September 2010 - 02:16 AM

As long as the rootkit is active, it can do about anything it wants. Therefore I recommend to run Combofix as instructed ASAP.

regards, Elise

#13 tototo

Posted 08 September 2010 - 06:50 PM

Did you mean run the Combofix on my laptop (Compaq)? The Dell desktop is the computer you were originally helping me with that you found the "backdoor" on and I've decided to just reformat it. Do I need to still run combofix on the Dell desktop if I'm reformatting?

As for the laptop mentioned in my last 2 posts, we haven't done anything with it (as far as diagnosing or running scans and posting reports and such) but had asked if it would be ok to post the logs for it as well to make sure it doesn't have the same thing. Just wanted to clarify to be safe since I know combofix shouldn't be used precariously, heaven knows I can screw things up without trying! haha Thanks again!
~Jen

#14 Elise

Posted 09 September 2010 - 03:17 AM

Sorry, my bad. In that case, run OTL and RKU on this laptop and post me both logs.

regards, Elise

#15 tototo

Posted 09 September 2010 - 03:38 PM

Ok, I'll get right on it. Thanks!



