
HijackThis Log: Please help Diagnose


  • This topic is locked
46 replies to this topic

#1 diviner

diviner

  • Members
  • 39 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 08 June 2011 - 06:30 AM

Winlogon.exe keeps popping up in task manager and using up the cpu until it reaches 100%. Virus and malware scans have found nothing and have to be done in Safe Mode. System restore points are being deleted. Can you help?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:15:35, on 08/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/nsm.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localho;;<local>
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110604222559.dll
O2 - BHO: InvisibleHand - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.14&build=Symantec&a=00000082.00000010.00000020&b=00000082.0000001f.0000004b&c=00000082.0000001f.0000006e
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - (no file)
O9 - Extra button: (no name) - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: InvisibleHand - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174749981783
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} - http://www.stmichaelsmanor.com/activex/svideo3.cab
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12380 bytes



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:28 PM

Posted 16 June 2011 - 04:16 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 diviner

diviner
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 18 June 2011 - 07:01 AM

etavares, great to hear from you as my computer is still running slowly and driving me mad. Winlogon.exe still keeps popping up and when I run a scan (McAfee, Malwarebytes, Spybot) in normal mode it takes forever, getting very slow on scanning Windows System32. This happened yesterday when I tried to run the OTL scan, which after many hours could not complete, so I ran it today in Safe Mode (but unfortunately could not paste in the custom scan).
I think something must have corrupted some System32 files, but it does not show up in my scans. I am unable to run SFC /SCANNOW as it keeps asking me to insert my Windows XP Professional Service Pack 3 CD and I only have a Windows XP Home Service Pack 2 CD.

I have pasted below and on second reply the logs you requested (I don't see any browse button). Any help would be much appreciated.



OTL logfile created on: 18/06/2011 11:52:46 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

767.53 Mb Total Physical Memory | 553.59 Mb Available Physical Memory | 72.13% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.87% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.10 Gb Total Space | 3.49 Gb Free Space | 18.26% Space Free | Partition Type: FAT32
Drive F: | 487.89 Mb Total Space | 102.71 Mb Free Space | 21.05% Space Free | Partition Type: FAT32

Computer Name: GATEWAY | User Name: DW | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 11:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents\Downloads\OTL.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2001/03/21 14:27:00 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 11:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/23 15:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/06/06 11:07:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/11 18:45:58 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/05/11 18:42:26 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/02/21 16:42:30 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
DRV - [2002/04/11 19:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/09/14 00:56:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ADM8511.SYS -- (ADM8511)
DRV - [2001/08/15 15:49:04 | 000,737,975 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)
DRV - [2001/03/21 14:27:00 | 000,777,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/03/21 14:27:00 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/nsm.do
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 E9 A5 EB A3 5F CA 01 [binary data]
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>



O1 HOSTS File: ([2008/02/22 10:07:58 | 000,226,635 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7952 more lines...
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110604222559.dll (McAfee, Inc.)
O2 - BHO: (InvisibleHand Extension) - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll (Forward)
O3 - HKLM\..\Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Reg Error: Value error. File not found
O9 - Extra Button: InvisibleHand - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll (Forward)
O15 - HKU\.DEFAULT\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\.DEFAULT\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-20\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: hemscott.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (Reg Error: Key error.)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://69.44.122.156/scanner/axscanner.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174749981783 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.0964467593 (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R583/V31Controls/x86/w98/en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} http://www.stmichaelsmanor.com/activex/svideo3.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\BPC {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\lid {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tve-trigger {CBD30859-AF45-11d2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/03/03 01:00:00 | 000,000,105 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 11:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/16 13:03:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DW\Recent
[2011/06/15 10:02:55 | 000,000,000 | ---D | C] -- C:\i386
[2011/06/14 14:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/06/14 14:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/14 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/06/14 14:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/14 13:03:09 | 000,000,000 | ---D | C] -- C:\Repair
[2011/06/13 17:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DW\Local Settings\Application Data\Trusteer
[2011/06/12 16:59:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/10 20:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gateway Utilities
[2011/06/10 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway
[2011/06/10 18:02:31 | 000,077,824 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\EAXAC3.DLL
[2011/06/10 17:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/06/09 14:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/06/07 15:39:44 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011/06/07 13:59:14 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2011/06/06 18:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/06/06 17:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DW\Start Menu\Programs\HiJackThis
[2011/06/06 17:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 17:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/06/06 17:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/06/06 17:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/06/06 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2006/11/19 19:20:40 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1997/06/02 12:17:40 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_SETUP.DLL
[1995/12/18 00:00:00 | 001,924,096 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PPVIEW32.EXE
[1995/12/18 00:00:00 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PP4X32.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 11:41:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/18 11:38:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 11:34:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/18 11:22:48 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F633F1ED-3F66-457B-8CD3-241571D0F415}.job
[2011/06/18 10:40:30 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/06/18 10:17:04 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1957994488-1004Core1cc22c776ed2c90.job
[2011/06/17 08:59:50 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/15 14:27:48 | 000,579,334 | ---- | M] () -- C:\Documents\4h pt 3.pdf
[2011/06/14 14:46:30 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/13 14:43:16 | 000,478,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/13 14:43:16 | 000,088,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/12 17:03:32 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\Google Chrome.lnk
[2011/06/12 17:03:32 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 20:49:48 | 000,024,792 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,024,792 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/10 20:49:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/10 19:27:02 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80311102}.CDF
[2011/06/10 18:06:36 | 000,000,355 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2011/06/09 10:14:14 | 000,000,217 | -HS- | M] () -- C:\boot.ini
[2011/06/08 11:16:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\HiJackThis.lnk
[2011/06/07 10:20:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\DW\Local Settings\Application Data\housecall.guid.cache
[2011/06/06 17:05:30 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/06 17:05:28 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/06 15:08:46 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/06/05 16:39:36 | 000,004,680 | ---- | M] () -- C:\Documents\cc_20110605_163928.reg
[2011/06/02 11:16:14 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 14:27:51 | 000,579,334 | ---- | C] () -- C:\Documents\4h pt 3.pdf
[2011/06/14 14:46:28 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/10 20:49:46 | 000,016,420 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:46 | 000,016,420 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 18:10:05 | 003,373,917 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80311102}.CDF
[2011/06/10 18:07:51 | 000,024,792 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 18:07:51 | 000,024,792 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 18:06:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011/06/10 18:06:23 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/06/10 18:02:44 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/06/10 18:02:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/06/10 18:02:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\CT1MGM.ROM
[2011/06/10 18:02:38 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2011/06/10 18:02:36 | 003,373,917 | ---- | C] () -- C:\WINDOWS\CTDV10K1.CDF
[2011/06/10 18:02:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT4.SFM
[2011/06/10 18:02:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT.SFM
[2011/06/10 18:02:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT8.SFM
[2011/06/10 18:02:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/06/10 18:02:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/06/10 18:02:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/06/10 18:02:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/06/10 18:02:14 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/06/10 18:02:14 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/06/10 18:02:14 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/06/10 18:02:14 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/06/10 18:02:13 | 002,259,067 | ---- | C] () -- C:\WINDOWS\System32\default.ecw
[2011/06/10 18:02:13 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/06/10 18:02:10 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\Live.bmp
[2011/06/07 10:56:45 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/06/07 10:20:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\housecall.guid.cache
[2011/06/06 17:31:53 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\DW\Desktop\HiJackThis.lnk
[2011/06/06 17:05:27 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/06 17:05:00 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/05 16:39:32 | 000,004,680 | ---- | C] () -- C:\Documents\cc_20110605_163928.reg
[2011/06/04 15:55:37 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1957994488-1004Core1cc22c776ed2c90.job
[2011/02/07 15:40:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/02/07 15:22:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011/02/07 15:15:04 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/01/22 12:51:51 | 000,031,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDIMSYS.SYS
[2010/10/24 16:15:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/08 16:08:33 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\FASTWiz.html
[2010/01/08 13:33:22 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\FASTApp.html
[2009/08/06 02:27:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/21 17:17:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2007/09/19 18:11:56 | 000,098,080 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20070919 181156.Reg
[2007/08/01 17:59:29 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 00:39:07 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/12/16 00:35:43 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/11/25 18:06:59 | 000,078,491 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20061125 180659.Reg
[2006/11/16 23:10:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/16 22:57:19 | 000,001,954 | ---- | C] () -- C:\WINDOWS\LnkStub.dat
[2006/11/16 22:46:12 | 000,015,463 | ---- | C] () -- C:\WINDOWS\3ANSH.INI
[2006/11/16 22:46:12 | 000,012,503 | ---- | C] () -- C:\WINDOWS\3QUESH.INI
[2006/11/16 22:46:12 | 000,012,467 | ---- | C] () -- C:\WINDOWS\3ANSL.INI
[2006/11/16 22:46:12 | 000,011,979 | ---- | C] () -- C:\WINDOWS\2ANSH.INI
[2006/11/16 22:46:12 | 000,010,573 | ---- | C] () -- C:\WINDOWS\3QUESL.INI
[2006/11/16 22:46:12 | 000,010,497 | ---- | C] () -- C:\WINDOWS\2QUESH.INI
[2006/11/16 22:46:12 | 000,008,124 | ---- | C] () -- C:\WINDOWS\sat.ini
[2006/11/16 22:46:12 | 000,008,033 | ---- | C] () -- C:\WINDOWS\2QUESL.INI
[2006/11/16 22:46:12 | 000,007,713 | ---- | C] () -- C:\WINDOWS\2ANSL.INI
[2006/11/16 22:46:12 | 000,006,978 | ---- | C] () -- C:\WINDOWS\MOGGIE.INI
[2006/11/16 22:46:12 | 000,005,188 | ---- | C] () -- C:\WINDOWS\Results.ini
[2006/11/16 22:46:12 | 000,002,297 | ---- | C] () -- C:\WINDOWS\testinfo.INI
[2006/11/16 22:46:12 | 000,001,072 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/16 22:46:12 | 000,000,979 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/11/16 22:46:12 | 000,000,961 | ---- | C] () -- C:\WINDOWS\ANIMALS.INI
[2006/11/16 22:46:12 | 000,000,956 | ---- | C] () -- C:\WINDOWS\ozwine.ini
[2006/11/16 22:46:12 | 000,000,872 | ---- | C] () -- C:\WINDOWS\SYSPROST.INI
[2006/11/16 22:46:12 | 000,000,756 | ---- | C] () -- C:\WINDOWS\score.ini
[2006/11/16 22:46:12 | 000,000,542 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/16 22:46:12 | 000,000,461 | ---- | C] () -- C:\WINDOWS\ftree.ini
[2006/11/16 22:46:12 | 000,000,442 | ---- | C] () -- C:\WINDOWS\anmlshi.ini
[2006/11/16 22:46:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\satstest.ini
[2006/11/16 22:46:12 | 000,000,401 | ---- | C] () -- C:\WINDOWS\dialer.ini
[2006/11/16 22:46:12 | 000,000,377 | ---- | C] () -- C:\WINDOWS\student.ini
[2006/11/16 22:46:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\PICVIEW.INI
[2006/11/16 22:46:12 | 000,000,269 | ---- | C] () -- C:\WINDOWS\wordsv3.ini
[2006/11/16 22:46:12 | 000,000,158 | ---- | C] () -- C:\WINDOWS\CTREC.INI
[2006/11/16 22:46:12 | 000,000,133 | ---- | C] () -- C:\WINDOWS\Mental.ini
[2006/11/16 22:46:12 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Maris.ini
[2006/11/16 22:46:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\stargazr.ini
[2006/11/16 22:46:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/16 22:46:12 | 000,000,111 | ---- | C] () -- C:\WINDOWS\epconfig.ini
[2006/11/16 22:46:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2006/11/16 22:46:12 | 000,000,078 | ---- | C] () -- C:\WINDOWS\POODLE.INI
[2006/11/16 22:46:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\Problem.ini
[2006/11/16 22:46:12 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2006/11/16 22:46:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ERRORS.INI
[2006/11/16 22:46:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2006/11/16 22:46:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ping.ini
[2006/11/16 22:46:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3Mental.ini
[2006/11/16 22:46:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/11/16 22:46:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/16 22:46:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\MSBACKUP.INI
[2006/11/16 22:46:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2006/11/16 22:46:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ALPHAPLAYER.INI
[2006/11/16 22:46:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SATDIR.INI
[2006/11/16 22:46:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2006/11/16 22:46:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ADS.INI
[2006/11/16 22:46:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\sattemp.ini
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKINSTALL.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IPLAYER.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ERO2000.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ENUMPORT.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSSETUP.INI
[2006/11/16 22:46:11 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/11/16 22:46:11 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/11/16 22:46:11 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/11/16 22:46:11 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/11/16 22:46:11 | 000,001,420 | ---- | C] () -- C:\WINDOWS\MSNClick.ini
[2006/11/16 22:46:11 | 000,001,319 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/16 22:46:11 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/11/16 22:46:11 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/11/16 22:46:11 | 000,000,462 | ---- | C] () -- C:\WINDOWS\GARDEN.INI
[2006/11/16 22:46:11 | 000,000,431 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2006/11/16 22:46:11 | 000,000,369 | ---- | C] () -- C:\WINDOWS\epspmgr4.ini
[2006/11/16 22:46:11 | 000,000,355 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/11/16 22:46:11 | 000,000,339 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/11/16 22:46:11 | 000,000,249 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2006/11/16 22:46:11 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2006/11/16 22:46:11 | 000,000,190 | ---- | C] () -- C:\WINDOWS\ctsyn.ini
[2006/11/16 22:46:11 | 000,000,179 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2006/11/16 22:46:11 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Icldial.ini
[2006/11/16 22:46:11 | 000,000,139 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/11/16 22:46:11 | 000,000,123 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006/11/16 22:46:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2006/11/16 22:46:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/11/16 22:46:11 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Fsch7.ini
[2006/11/16 22:46:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\PWIX.INI
[2006/11/16 22:46:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2006/11/16 22:46:11 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/11/16 22:46:11 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2006/11/16 22:46:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2006/11/16 22:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2006/11/16 21:36:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/16 21:29:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/16 21:29:07 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/16 21:02:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/16 21:02:32 | 000,478,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/11/16 21:02:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/16 21:02:32 | 000,088,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/11/16 21:02:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/16 21:02:22 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/16 21:02:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/16 21:01:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/16 21:01:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/16 21:01:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/16 21:00:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/16 20:59:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/09/28 11:26:53 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\STCI.DLL
[2006/06/20 11:00:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/12/18 09:53:53 | 000,540,704 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2005/12/14 19:38:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2005/11/02 20:35:02 | 000,209,976 | ---- | C] () -- C:\WINDOWS\iMeshV5.exe
[2005/10/29 23:35:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/10/13 14:27:33 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\PKP_DLec.DAT
[2005/10/11 13:00:50 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2005/10/10 21:06:17 | 000,028,981 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20051010 210617.Reg
[2005/09/26 11:02:17 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\PKP_DLea.DAT
[2005/09/20 22:51:08 | 000,007,738 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20050920 225108.Reg
[2005/08/23 08:27:08 | 000,000,624 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20050823 082708.Reg
[2004/11/25 10:42:08 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\DW\Application Data\sdi.db
[2004/08/13 19:14:23 | 000,184,320 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2004/07/14 12:49:16 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/15 10:41:00 | 000,110,660 | ---- | C] () -- C:\WINDOWS\System32\zlimclnup.exe
[2003/09/26 10:03:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\swen0.dat
[2003/08/15 18:47:53 | 001,310,720 | RH-- | C] () -- C:\WINDOWS\UserMigratedStore_59R.bin
[2003/08/15 18:47:49 | 000,720,896 | RH-- | C] () -- C:\WINDOWS\DefaultStore_59R.bin
[2003/08/14 13:26:49 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2003/06/19 19:14:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/04/26 17:10:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/04/13 07:41:12 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/04/13 07:35:29 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2003/02/27 09:22:12 | 000,003,689 | ---- | C] () -- C:\WINDOWS\WMSysDx.bin
[2002/12/28 11:39:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[2002/10/25 18:42:23 | 000,063,995 | ---- | C] () -- C:\WINDOWS\delprint.exe
[2002/10/25 18:42:20 | 000,064,057 | ---- | C] () -- C:\WINDOWS\DelConv.exe
[2002/10/19 09:02:42 | 000,001,272 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2002/09/08 11:38:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2002/06/28 19:37:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TestVxdV.exe
[2002/06/28 19:37:42 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\min_icudt18l.dll
[2002/06/28 19:37:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\msiath.dll
[2002/06/28 19:37:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\min_glob.dll
[2002/06/28 19:37:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\servctrl.exe
[2002/04/11 19:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/10/24 12:57:17 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2001/09/05 15:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2001/07/20 07:09:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\swfobjs.dll
[2001/07/15 22:30:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\MadUnInst.exe
[2001/04/01 17:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2001/02/27 16:06:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2000/11/29 17:25:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2000/09/12 17:21:27 | 000,312,832 | R--- | C] () -- C:\WINDOWS\getnetlinesettings.exe
[2000/08/21 19:01:38 | 000,000,995 | ---- | C] () -- C:\Program Files\WDIRNOP.PIF
[2000/08/21 19:01:38 | 000,000,005 | ---- | C] () -- C:\Program Files\WDIRNOP.COM
[2000/08/21 18:01:31 | 000,224,256 | ---- | C] () -- C:\WINDOWS\UnDrake.exe
[2000/07/25 19:43:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2000/07/25 19:43:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\N2PAuto.exe
[2000/05/10 22:40:05 | 000,108,992 | ---- | C] () -- C:\WINDOWS\System32\SH34W32.DLL
[2000/05/10 22:40:05 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\IFORCE2.dll
[2000/05/10 18:23:37 | 000,009,030 | ---- | C] () -- C:\WINDOWS\hh.dat
[2000/05/10 18:19:56 | 000,095,544 | ---- | C] () -- C:\WINDOWS\System32\MSNFreeWeb.exe
[2000/05/10 16:54:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EPASET32.DLL
[2000/05/10 16:40:35 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2000/05/10 15:24:19 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[2000/05/10 15:09:52 | 000,147,968 | ---- | C] () -- C:\WINDOWS\System32\INSTAPI.DLL
[2000/05/10 15:07:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[2000/05/10 14:45:22 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000/01/27 16:33:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SysIECom.dll
[2000/01/27 16:33:55 | 000,311,364 | ---- | C] () -- C:\WINDOWS\System32\ssistd.dll
[2000/01/27 16:33:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\ssistdop.dll
[1999/04/11 20:54:20 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL

========== LOP Check ==========

[2009/11/24 09:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2006/11/16 22:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shark-shared
[2006/11/16 22:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/16 22:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/11/16 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/02/24 18:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2007/02/24 18:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/12 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/07/17 22:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/05/27 12:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/05/27 12:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/28 15:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/03/26 20:27:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/03/18 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/06/06 10:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/02/07 15:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/03/23 11:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/06/09 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/06/14 14:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/11/16 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\PopupCop
[2006/11/16 22:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Leadertech
[2006/11/16 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\spweng
[2006/11/16 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\muvee Technologies
[2006/11/16 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Pixology
[2006/11/16 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\IM-Names
[2006/11/16 22:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Snapfish
[2006/12/02 19:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\LG Electronics
[2008/04/14 21:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Viewpoint
[2009/02/24 11:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Trusteer
[2009/05/27 12:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\ParetoLogic
[2010/05/17 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Uniblue
[2010/05/30 11:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\CheeseSoft
[2010/06/06 10:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\TuneUp Software
[2011/03/23 11:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\ScanSoft
[2011/03/23 11:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\Zeon
[2011/04/16 13:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DW\Application Data\ElevatedDiagnostics
[2009/02/28 11:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2008/09/30 08:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/21 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
[2009/11/24 09:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Trusteer
[2011/06/18 11:41:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/18 11:22:48 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F633F1ED-3F66-457B-8CD3-241571D0F415}.job

========== Purity Check ==========



< End of report >

#4 diviner
  • Topic Starter
  • Members
  • 39 posts

Posted 18 June 2011 - 07:04 AM

Here is the GMER log


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-18 11:19:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\ultra1Port2Path0Target0Lun0 WDC_WD20 rev.16.1
Running: gmer.exe; Driver: C:\DOCUME~1\DAVIDW~1\LOCALS~1\Temp\kwldqpow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF771DD70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF771DD84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF771DDB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF771DE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF771DD5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF771DD34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF771DD48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF771DDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF771DDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF771DE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF771DE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF771DDF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F771DDF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568F68 5 Bytes JMP F771DD60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057376F 5 Bytes JMP F771DD74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80574AA9 5 Bytes JMP F771DD38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A81E 5 Bytes JMP F771DE20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC99 7 Bytes JMP F771DE0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057BC5B 7 Bytes JMP F771DDCA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805839B9 5 Bytes JMP F771DE34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8059323B 5 Bytes JMP F771DD4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80595C1A 7 Bytes JMP F771DDB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80597FFA 7 Bytes JMP F771DD88 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetSecurityObject 8059D2BD 5 Bytes JMP F771DDE0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064F526 7 Bytes JMP F771DD9E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Outlook Express\msimn.exe[364] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00080000
.text C:\Program Files\Outlook Express\msimn.exe[364] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00080011
.text C:\Program Files\Outlook Express\msimn.exe[364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00080FE5
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F72
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B005D
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0040
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F83
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FAF
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B009D
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F55
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00CC
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F33
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00DD
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F94
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0082
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B001B
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FCA
.text C:\Program Files\Outlook Express\msimn.exe[364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F44
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F8B
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0F9C
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FB7
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A000C
.text C:\Program Files\Outlook Express\msimn.exe[364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FD2
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0025
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0F86
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FD4
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FEF
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F97
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0000
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0FA8
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\Program Files\Outlook Express\msimn.exe[364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FB9
.text C:\Program Files\Outlook Express\msimn.exe[364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DD0FEF
.text C:\Program Files\Outlook Express\msimn.exe[364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DD0FDE
.text C:\Program Files\Outlook Express\msimn.exe[364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DD000A
.text C:\Program Files\Outlook Express\msimn.exe[364] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00DD0FB9
.text C:\Program Files\Outlook Express\msimn.exe[364] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA0FC0
.text C:\WINDOWS\system32\svchost.exe[568] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DA0FE5
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E1006A
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E10F75
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E10F90
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E10FA1
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E10039
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E10F2E
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E10F3F
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E100C7
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E100B6
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E10F13
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E10FB2
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E10F5A
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E10FC3
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\system32\svchost.exe[568] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E10091
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E0003D
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E00087
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E0002C
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E00011
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E00FCA
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E00000
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E00FDB
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [00, 89]
.text C:\WINDOWS\system32\svchost.exe[568] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E00058
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DF002C
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DF001B
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DF0FB5
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\svchost.exe[568] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DF0FD2
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040011
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70F4F
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E70044
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E70F6A
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70F91
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70FB6
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E7007C
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E70F34
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E70EED
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E70F08
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E70EDC
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E70033
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70011
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E70055
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70FD1
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E70022
.text C:\WINDOWS\system32\services.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E70F19
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F97
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060018
.text C:\WINDOWS\system32\services.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\lsass.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\lsass.exe[884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BD0FC3
.text C:\WINDOWS\system32\lsass.exe[884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C1005B
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1004A
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F8D
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F3A
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F4B
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F0E
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F1F
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100C2
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10FA8
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\lsass.exe[884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C1009D
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F80
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00014
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\lsass.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0055
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0029
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF003A
.text C:\WINDOWS\system32\lsass.exe[884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F7A
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD006F
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0040
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F3B
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F58
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0EE0
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0EFB
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD009E
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0011
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F69
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FCA
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FDB
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F16
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0FC0
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0025
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC007D
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FC006C
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FB0FC6
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FB0FD7
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FB0022
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FB0047
.text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F72
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0067
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F9E
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F50
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC008C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F10
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F2B
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0EFF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F61
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC00B3
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0028
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0054
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FA1
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FBC
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0043
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0049
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA002E
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FD2
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FE3
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA001D
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA000C
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FE5
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006600AC
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660FB7
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660091
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660080
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0066005B
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F95
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006600D1
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00660113
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006600F8
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00660124
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660FD4
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660014
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660FA6
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0066004A
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660F7A
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640F86
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FAB
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FE3
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FC6
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00140000
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00140FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0014001B
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270095
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027007A
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270069
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270058
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB6
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700C8
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700B7
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270108
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F6F
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270119
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0027003D
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027001B
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002700A6
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0027002C
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FDB
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700ED
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360014
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F72
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FB9
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FD4
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0036002F
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F8D
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360F9E
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370070
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!system 77C293C7 5 Bytes JMP 0037005F
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370033
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0037004E
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00380FEF
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00380FDE
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0038001E
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0038002F
.text C:\Program Files\WinZip\WINZIP32.EXE[1504] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A0FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 05810FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0581000A
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 05810FD4
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05860000
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05860089
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05860078
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05860F9E
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0586005B
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05860FB9
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0586009A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05860F52
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05860F26
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 058600BF
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 05860F15
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0586004A
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 05860FE5
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 05860F6F
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0586002F
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05860FD4
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 05860F37
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0200001B
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02000F6F
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0200000A
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02000FDE
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02000F8A
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02000FEF
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02000FA5
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [20, 8A]
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0200002C
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FF0036
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FF0FB5
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FF001B
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FF0000
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FF0FC6
.text C:\WINDOWS\system32\svchost.exe[1604] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FF0FE3
.text C:\WINDOWS\system32\svchost.exe[1604] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01FD0FEF
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01FD0FD4
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01FD000A
.text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01FD0FB9
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008A0F8F
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A008E
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008A0FAA
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A0073
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A0047
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008A0F57
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008A00A9
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A0F1A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A0F35
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A0EFF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A0058
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008A0F7E
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008A0036
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008A0025
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A0F46
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00890FB2
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00890043
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00890FC3
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00890FDE
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00890F86
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00890FEF
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00890F97
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A9, 88]
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0089001E
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00880FC1
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880FD2
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0088001D
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0088000C
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00880038
.text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00880FE3
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00870FEF
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01690FE5
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01690FC0
.text C:\WINDOWS\Explorer.EXE[1864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01690000
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01C50FEF
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01C50069
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01C50058
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01C50047
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01C50F8A
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01C50036
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01C50098
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01C50F52
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01C50EFF
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01C50F1A
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01C500BD
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01C50FA5
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01C5000A
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01C50F63
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01C50FCA
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01C5001B
.text C:\WINDOWS\Explorer.EXE[1864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01C50F2B
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01C40025
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01C40FA5
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01C40FD4
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01C40000
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01C40062
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01C40FEF
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01C40051
.text C:\WINDOWS\Explorer.EXE[1864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01C40040
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01C30F81
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C30F9C
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01C30FD2
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01C30FE3
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01C30FAD
.text C:\WINDOWS\Explorer.EXE[1864] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01C30000
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01C20FEF
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01C20FD4
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01C2000A
.text C:\WINDOWS\Explorer.EXE[1864] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01C20FC3
.text C:\WINDOWS\Explorer.EXE[1864] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01910000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009001B
.text C:\WINDOWS\System32\svchost.exe[2144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F55
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F66
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0040
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F83
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F13
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F24
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B008A
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0EF1
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00A5
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B005B
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[2144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F02
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A002C
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A007D
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A001B
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0062
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FC0
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\System32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0047
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FA6
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FB7
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0FC8
.text C:\WINDOWS\System32\svchost.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F000C
.text C:\WINDOWS\System32\svchost.exe[2144] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[3728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\system32\svchost.exe[3728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FB9
.text C:\WINDOWS\system32\svchost.exe[3728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FCA
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0082
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0071
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0054
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B002F
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F44
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F55
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00C2
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F29
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00D3
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F7C
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\svchost.exe[3728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00A7
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F72
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F83
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\svchost.exe[3728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0F9E
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FAD
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F002E
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F000C
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F001D
.text C:\WINDOWS\system32\svchost.exe[3728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FDE
.text C:\WINDOWS\system32\svchost.exe[3728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
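The "User code sections" block above is the part of this log worth reading closely. Each `.text` line is an inline hook: GMER found the first 5 bytes (or a 2+2 byte split, as on the `RegCreateKeyW` / `RegCreateKeyW + 3` pairs) of an exported API replaced with a `JMP`. For `svchost.exe` and `Explorer.EXE` the jump targets are low, unnamed addresses such as `008A0000` or `01C50FEF` with no module after them, while the two `McSvHost.exe` hooks resolve to `mcproxy.dll` with a vendor string. That distinction, hooks GMER could attribute to a named DLL versus hooks into memory it could not name, is what a responder triages first. The script below is an added example, not part of the original post or of GMER: it parses lines in this exact format, classifies each hook, and groups the trampolines per process by 4 KiB page (the page grouping is my own heuristic for "one injected stub table serves many APIs"). The sample input is an eight-line excerpt of the log above. Note the caveat the rest of the thread bears out: "unbacked" means "attribute this before judging", not "malicious"; security products install exactly this kind of hook, and the problem here disappeared once McAfee was removed.

```python
import re

# One line of GMER's "User code sections": process[pid] module!function address length patch [owner (description)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<bytes>[^\]]+)\])"
    r"(?:\s+(?P<owner>.+?)(?:\s+\((?P<desc>.*)\))?)?\s*$"
)

# Excerpt of the log posted above (eight lines are enough to exercise every line shape).
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00860FD4
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A0F1A
.text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A0F46
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00890F97
.text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A9, 88]
.text C:\WINDOWS\system32\svchost.exe[1652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00870FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----
"""


def parse_hooks(text):
    """Return one dict per .text hook line; every other log line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["n"] = int(h["n"])
            hooks.append(h)
    return hooks


def classify(hook):
    """GMER prints a module path after the JMP target only when it could attribute the target."""
    if hook["owner"]:
        return "module-backed"      # e.g. mcproxy.dll: the hook belongs to a loaded, named DLL
    if hook["target"] is None:
        return "partial-patch"      # trailing bytes of a split hook ("RegCreateKeyW + 3 ... [A9, 88]")
    return "unbacked"               # JMP into memory GMER could not name: attribute it before judging


def summarize(hooks):
    """Per (process, pid): counts per class, the 4 KiB pages holding trampolines, hooked functions."""
    summary = {}
    for h in hooks:
        key = (h["proc"], h["pid"])
        s = summary.setdefault(key, {"module-backed": 0, "unbacked": 0, "partial-patch": 0,
                                     "pages": set(), "funcs": []})
        s[classify(h)] += 1
        if h["target"]:
            s["pages"].add(int(h["target"], 16) >> 12)   # heuristic: one stub table per page
        s["funcs"].append(f'{h["module"]}!{h["func"]}')
    return summary


def report(summary):
    """One triage line per process, sorted by pid."""
    out = []
    for (proc, pid), s in sorted(summary.items(), key=lambda kv: kv[0][1]):
        pages = ", ".join(f"{p << 12:08X}" for p in sorted(s["pages"]))
        verdict = "needs attribution" if s["unbacked"] else "attributed"
        out.append(f"{proc}[{pid}]: {s['unbacked']} unbacked, {s['module-backed']} module-backed, "
                   f"{s['partial-patch']} partial; trampoline pages: {pages}; {verdict}")
    return out


if __name__ == "__main__":
    for line in report(summarize(parse_hooks(SAMPLE_LOG))):
        print(line)
```

Run against the full log, the output groups dozens of hooks in each `svchost.exe` and `Explorer.EXE` instance onto four or five consecutive low pages, one page per hooked DLL, which is the signature of a single injected component rather than many independent patches. The follow-up on a live machine is to find which product owns those pages (dump the process and look at which DLL allocated them, or simply disable candidate products one at a time, as happened in this thread).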

#5 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 18 June 2011 - 10:43 AM

Hello, diviner.

Thanks for the info. If we do need to run SFC, we can slipstream SP3 with your SP2 disc to make it work.

Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason I say it's not a good idea is that the security settings for the Internet zone are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the Trusted Zone. If you're not sure, and/or you do not need these in your Trusted Zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your Trusted Zone.

They can be accessed in Internet Explorer via Tools >> Internet Options >> Security >> Trusted Zone >> Sites. Remove any that are there.



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue scanning for malware.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
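The Trusted Zone advice above is given as a manual check in the Internet Options dialog. On a machine you are triaging it is quicker, and more complete, to read the zone assignments straight out of the registry: Internet Explorer stores them under `Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains`, one subkey per domain (with optional sub-subkeys for host labels) and one DWORD value per scheme (`http`, `https`, or `*` for any) whose data is the zone number (1 intranet, 2 trusted, 3 internet, 4 restricted). The script below is an added example, not from the original post: it parses a `reg export` of that key and lists every host per zone, then flags Trusted-zone entries that are not on an explicit allow list. The `.reg` text and the hostnames in it are constructed for the example.

```python
import re

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
TRUSTED = 2

# Constructed excerpt of:  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg
# Real exports are UTF-16LE text; read them with open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\update]
"https"=dword:00000002
"http"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\evil.example]
"*"=dword:00000004
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<zone>[0-9a-fA-F]{8})$')
DOMAINS_MARK = "\\ZoneMap\\Domains\\"


def parse_zonemap(text):
    """Return {host, scheme, zone} for every per-domain value under ZoneMap\\Domains."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if m and key and DOMAINS_MARK in key:
            # Domains\example.net\update -> update.example.net (subkeys are labels left of the domain)
            parts = key.split(DOMAINS_MARK, 1)[1].split("\\")
            host = ".".join(reversed(parts))
            entries.append({"host": host, "scheme": m.group("name") or "*",
                            "zone": int(m.group("zone"), 16)})
    return entries


def sites_in_zone(entries, zone):
    """Sorted, de-duplicated hostnames assigned to the given zone."""
    return sorted({e["host"] for e in entries if e["zone"] == zone})


def audit_trusted(entries, allow=()):
    """Trusted-zone assignments not on an explicit allow list: candidates for removal."""
    allowed = set(allow)
    return [e for e in entries if e["zone"] == TRUSTED and e["host"] not in allowed]


if __name__ == "__main__":
    entries = parse_zonemap(SAMPLE_REG)
    for zone, name in ZONE_NAMES.items():
        hosts = sites_in_zone(entries, zone)
        if hosts:
            print(f"{name}: {', '.join(hosts)}")
    for e in audit_trusted(entries, allow={"update.example.net"}):
        print(f"remove? {e['scheme']}://{e['host']} is in {ZONE_NAMES[e['zone']]}")
```

The same key structure exists under HKEY_LOCAL_MACHINE, which is the copy that applies when the Security_HKLM_only policy is set, so export and check both hives on a managed machine.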
 


#6 diviner
  • Topic Starter
  • Members
  • 39 posts

Posted 19 June 2011 - 07:30 AM

etavares

I could not find Viewpoint in Add/Remove Programs or the Program Files folder. I have removed all the Trusted Zone sites.
I then disabled McAfee real-time scanning and found Winlogon stopped popping up in Task Manager. I went on to download the Recovery Console, but when ComboFix started to scan, I got a blue screen: "A problem has been detected and Windows will shut down to prevent damage. Bad_Pool_Header Stop: 0x00000019"
Any idea what this means?

#7 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 19 June 2011 - 09:27 AM

That is an error that can be from many things. It could be a bad driver (e.g. malware) that caused that. Physically failing hard drive and RAM can also cause that. Is there a log in C:\Combofix.txt? If yes, please post it. If not, try running Combofix, but from Safe Mode this time.


 


#8 diviner
  • Topic Starter
  • Members
  • 39 posts

Posted 19 June 2011 - 02:15 PM

Hello etavares

I tried running ComboFix in Safe Mode. It asked me to stop McAfee anti-virus and anti-spyware, but the McAfee console said real-time scanning and firewall were off. I continued with the scan and the computer froze after 45 minutes without giving any feedback or log. It doesn't seem to want to run on this computer. Could McAfee be the problem?

#9 diviner
  • Topic Starter
  • Members
  • 39 posts

Posted 20 June 2011 - 08:36 AM

etavares
I looked at the McAfee real-time scanning settings, and when I removed scanning and other PUPs the winlogon problem went away, even when I applied the spyware scan setting afterwards (without restart). Does this mean the problem is with McAfee, or is it spyware which is subsequently not detected?

#10 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 20 June 2011 - 05:53 PM

It does sound like McAfee got in the way of Combofix and may have caused the issues. Please uninstall McAfee, and install a different antivirus. Three good ones that are free for home use are: Avast, Avira Antivir and Microsoft Security Essentials. Pick one of those and install after you remove McAfee.


 


#11 diviner
  • Topic Starter
  • Members
  • 39 posts

Posted 22 June 2011 - 02:32 PM

Hello etavares
I uninstalled McAfee Security Centre and installed Microsoft Essentials, and the problem has gone away. There was also nothing picked up on the first Microsoft scan, so it must have been McAfee.
Thank you for all your help!

#12 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 22 June 2011 - 03:50 PM

Hello, diviner.

Good! Let's keep pressing on just to ensure you are malware free.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • ERUNT will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- -- (NBService)
    SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
    SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
    O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
    O4 - HKLM..\Run: [POINTER] File not found
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
    O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - Reg Error: Value error. File not found
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (Reg Error: Key error.)
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://69.44.122.156/scanner/axscanner.cab (Reg Error: Key error.)
    O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
    O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
    O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37876.0964467593 (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
    O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R583/V31Controls/x86/w98/en/actsetup.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} http://www.stmichaelsmanor.com/activex/svideo3.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\BPC {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\lid {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\tve-trigger {CBD30859-AF45-11d2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 diviner

diviner
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 23 June 2011 - 04:41 PM

Etavares

Here are the logs. Esets found no infections.


All processes killed
========== OTL ==========
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service fsssvc stopped successfully!
Service fsssvc deleted successfully!
Service aspnet_state stopped successfully!
Service aspnet_state deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{62999427-33FC-4baf-9C9C-BCE6BD127F08} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8B68564D-53FD-4293-B80C-993A9F3988EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B68564D-53FD-4293-B80C-993A9F3988EE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A6FB-F862B587B57D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\POINTER deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4B30061A-5B39-11D3-80F8-0090276F843F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B30061A-5B39-11D3-80F8-0090276F843F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4B30061A-5B39-11D3-80F8-0090276F843F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B30061A-5B39-11D3-80F8-0090276F843F}\ not found.
Starting removal of ActiveX control {1842B0EE-B597-11D4-8997-00104BD12D94}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1842B0EE-B597-11D4-8997-00104BD12D94}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1842B0EE-B597-11D4-8997-00104BD12D94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1842B0EE-B597-11D4-8997-00104BD12D94}\ not found.
Starting removal of ActiveX control {2FC9A21E-2069-4E47-8235-36318989DB13}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2FC9A21E-2069-4E47-8235-36318989DB13}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2FC9A21E-2069-4E47-8235-36318989DB13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FC9A21E-2069-4E47-8235-36318989DB13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2FC9A21E-2069-4E47-8235-36318989DB13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FC9A21E-2069-4E47-8235-36318989DB13}\ not found.
Starting removal of ActiveX control {31564D57-0000-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31564D57-0000-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {32564D57-0000-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32564D57-0000-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {3334504D-0000-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-0000-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9B03C5F1-F5AB-47EE-937D-A8EDA626F876}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Starting removal of ActiveX control {CEBC955E-58AF-11D2-A30A-00A0C903492B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEBC955E-58AF-11D2-A30A-00A0C903492B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEBC955E-58AF-11D2-A30A-00A0C903492B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEBC955E-58AF-11D2-A30A-00A0C903492B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CEBC955E-58AF-11D2-A30A-00A0C903492B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEBC955E-58AF-11D2-A30A-00A0C903492B}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Starting removal of ActiveX control {DD3641E5-A9CF-11D1-9AA1-444553540000}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DD3641E5-A9CF-11D1-9AA1-444553540000}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DD3641E5-A9CF-11D1-9AA1-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD3641E5-A9CF-11D1-9AA1-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DD3641E5-A9CF-11D1-9AA1-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD3641E5-A9CF-11D1-9AA1-444553540000}\ not found.
File Animation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File et Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab not found.
Starting removal of ActiveX control Internet Explorer Classes for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Internet Explorer Classes for Java\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\BPC\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC}\ not found.
File {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\lid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC}\ not found.
File {3A1096B3-9BFA-11D1-AE77-00C04FBBDEBC} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tve-trigger\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBD30859-AF45-11d2-B6D6-00C04FBBDE6E}\ not found.
File {CBD30859-AF45-11d2-B6D6-00C04FBBDE6E} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: DW
->Temp folder emptied: 443726 bytes
->Temporary Internet Files folder emptied: 8868673 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 27071827 bytes
->Flash cache emptied: 2788 bytes

User: NetworkService
->Temp folder emptied: 2483138 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 573842 bytes

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.F3Y5U6
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.F3Y5U6.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 827 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 325668 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23948648 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06232011_180637

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6928

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/06/2011 18:38:03
mbam-log-2011-06-23 (18-38-03).txt

Scan type: Quick scan
Objects scanned: 184047
Time elapsed: 19 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:28 PM

Posted 23 June 2011 - 05:33 PM

Hello, diviner.


Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 25.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 21
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-s.exe to install the newest version.




Step 2


Does SFC run now? You mentioned it would not run before.



Step 3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


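The check behind Step 1, as an added example that is not part of etavares's post or of OTL, HijackThis or any other tool named in this thread: it parses the O16 DPF lines of an OTL log, pulls the plug-in version out of Sun's jinstall cab name, and flags every Java plug-in registration older than the Java 6 Update 25 the post asks for. The sample lines are copied from the OTL log diviner posts later in the thread; TARGET_VERSION, the regexes and the JavaDpf class are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The version etavares tells the user to install in Step 1 (Java 6 Update 25),
# stored as (family, micro, update) so tuples compare in release order.
TARGET_VERSION = (6, 0, 25)

# Sun's plug-in download cab names look like jinstall-1_6_0_24-windows-i586.cab;
# this form only ever existed for 1.x releases, so the family is the second field.
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-windows-i586\.cab")

# OTL prints one "O16 - DPF: {CLSID} URL (description)" line per registered
# Downloaded Program File.
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-F-]{36})\} (\S+) \((.*)\)$")

# O16 lines copied from the OTL log posted in this thread (sample input).
# CAFEEFAC-FFFF-FFFF-FFFF-... is Sun's "latest installed version" wildcard CLSID,
# so it points at whichever jinstall was installed last, here still 6u24.
SAMPLE_OTL_LINES = """\
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1_05-windows-i586.cab (Java Plug-in 1.4.1_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
"""


@dataclass
class JavaDpf:
    clsid: str
    url: str
    version: Tuple[int, int, int]  # (family, micro, update)

    @property
    def stale(self) -> bool:
        """True when this registration is older than the version being installed."""
        return self.version < TARGET_VERSION

    @property
    def label(self) -> str:
        """Sun-style version string, e.g. 1.6.0_24 or 1.4.1_05."""
        fam, micro, upd = self.version
        return f"1.{fam}.{micro}_{upd:02d}"


def parse_java_dpf(line: str) -> Optional[JavaDpf]:
    """Return a JavaDpf for an O16 line that registers a Java plug-in, else None."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    clsid, url, _description = m.groups()
    v = JINSTALL_RE.search(url)
    if not v:
        return None  # some other Downloaded Program File, e.g. the WGA control
    major, minor, micro, update = (int(x) for x in v.groups())
    family = minor if major == 1 else major
    return JavaDpf(clsid, url, (family, micro, update))


def stale_java_entries(log_text: str) -> List[JavaDpf]:
    """All Java plug-in registrations in the log that are older than TARGET_VERSION."""
    parsed = (parse_java_dpf(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None and entry.stale]


def report(log_text: str) -> List[str]:
    """One line per stale registration, ready to paste into a reply."""
    target = "1.{}.{}_{:02d}".format(*TARGET_VERSION)
    return [f"{e.clsid}: Java {e.label} is older than {target} -- {e.url}"
            for e in stale_java_entries(log_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_OTL_LINES):
        print(line)
```

Run against the thread's own O16 lines it lists four stale registrations: three pointing at 6u24 and one leftover 1.4.1_05 plug-in, which is exactly the kind of old component Step 1 wants removed before the new installer runs. The same parser can be pointed at the PRC or SRV lines only if the file name carries a version, which OTL does not guarantee, so the O16 cab names are the reliable place to read it from.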
#15 diviner (Topic Starter)

Posted 24 June 2011 - 06:46 AM

Hello etavares
I have updated Java and attach OTL logs. SFC still wants the Windows XP Professional SPŁ disk to run. I have also noticed that free disk space is getting low. Can I remove any redundant programs/logs etc?


OTL logfile created on: 24/06/2011 11:53:38 - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

767.53 Mb Total Physical Memory | 301.89 Mb Available Physical Memory | 39.33% Memory free
1.83 Gb Paging File | 1.39 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.10 Gb Total Space | 2.32 Gb Free Space | 12.13% Space Free | Partition Type: FAT32
Drive D: | 564.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 487.89 Mb Total Space | 102.68 Mb Free Space | 21.04% Space Free | Partition Type: FAT32

Computer Name: GATEWAY | User Name: DW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 11:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents\Downloads\OTL.exe
PRC - [2011/06/14 00:52:24 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DW\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/02/23 15:51:20 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/11 18:47:42 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/05/11 18:45:58 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/04/14 01:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/29 19:41:34 | 000,910,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/29 19:41:16 | 000,149,040 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2002/07/02 17:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2002/04/11 19:47:52 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PRC - [2001/03/21 14:27:00 | 000,025,600 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe
PRC - [1998/12/16 01:53:00 | 000,185,856 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CtNotify.exe
PRC - [1998/12/08 01:53:00 | 000,159,232 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 11:10:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/04/11 19:47:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
MOD - [2002/04/11 19:47:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 15:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/06 11:07:44 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/11 18:45:58 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/05/11 18:42:26 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - [2011/06/24 10:48:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02716200-72E7-447C-9D72-ACFB3208E5AF}\MpKsl2ddf13b4.sys -- (MpKsl2ddf13b4)
DRV - [2009/10/14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/02/21 16:42:30 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/06/14 13:49:56 | 000,010,194 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
DRV - [2002/04/11 19:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [2001/09/14 00:56:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ADM8511.SYS -- (ADM8511)
DRV - [2001/08/15 15:49:04 | 000,737,975 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\winachcf.sys -- (Winachcf)
DRV - [2001/03/21 14:27:00 | 000,777,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1f.sys -- (emu10k) Creative SB Live! Value (WDM)
DRV - [2001/03/21 14:27:00 | 000,036,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>

IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hemscott.com/nsm.do
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 E9 A5 EB A3 5F CA 01 [binary data]
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;http://localho;;<local>



O1 HOSTS File: ([2008/02/22 10:07:58 | 000,226,635 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7952 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (InvisibleHand Extension) - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll (Forward)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-20\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\DW\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: InvisibleHand - {D17B46F2-99A5-462C-B92C-209285E2E2B4} - C:\Program Files\InvisibleHand\InvisibleHand\InvisibleHand.dll (Forward)
O15 - HKU\.DEFAULT\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\.DEFAULT\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-19\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: abbeynational.co.uk ([myonlineaccounts2] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: abbeynational.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: absolute.ms ([www] * in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: accountancyage.com ([jobs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-20\..Trusted Domains: barclays.co.uk ([www.stockbrokers] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: benefitsnow.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: country-pursuits.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: creditexpert.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: dukestreetcapital.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: e-brokernet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ed10.net ([reuters.uk] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: efinancialnews.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([funds] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([nbe] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ft.com ([news] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: funds-sp.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: fundssupermarket.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: grovelands-gc.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.com ([miranda] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: hemscott.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: iii.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: myonlineaccount2.abbeynational ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: omxss.net ([killik-www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: org.uk ([www.thetakeoverpanel] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: penna-online.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: play.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: pwcglobal.com ([alumni] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: reuters.co.uk ([www.research] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: thewinesociety.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yahoo.com ([finance] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yahoo.com ([rds] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: yell.com ([uk] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1343024091-1957994488-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174749981783 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1_05-windows-i586.cab (Java Plug-in 1.4.1_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/03/03 01:00:00 | 000,000,105 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2006/02/28 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{767f10c3-75b9-11db-bbdb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{767f10c3-75b9-11db-bbdb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{767f10c3-75b9-11db-bbdb-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 13:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 11:47:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/24 11:44:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/24 11:44:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/24 11:44:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 11:44:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/23 18:06:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/23 17:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/23 17:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/22 20:50:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DW\Recent
[2011/06/22 19:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/06/22 19:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/19 19:54:10 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2011/06/19 19:02:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/19 13:00:58 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011/06/19 12:47:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 12:29:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 12:29:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 12:29:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 12:29:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 12:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 12:29:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/14 14:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/06/14 14:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/14 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/06/14 14:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/06/14 13:03:09 | 000,000,000 | ---D | C] -- C:\Repair
[2011/06/13 17:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DW\Local Settings\Application Data\Trusteer
[2011/06/12 16:59:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/10 20:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Gateway Utilities
[2011/06/10 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway
[2011/06/10 18:06:31 | 000,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\Updreg.EXE
[2011/06/10 18:02:43 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[2011/06/10 18:02:42 | 000,053,248 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AC3API.DLL
[2011/06/10 18:02:41 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\COMMONFX.DLL
[2011/06/10 18:02:38 | 000,106,496 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTASIO.DLL
[2011/06/10 18:02:38 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTAGENT.DLL
[2011/06/10 18:02:37 | 000,319,488 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTDEVCON.DLL
[2011/06/10 18:02:37 | 000,106,496 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTDPROXY.DLL
[2011/06/10 18:02:36 | 000,036,864 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEMUPIA.DLL
[2011/06/10 18:02:35 | 000,155,648 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTOSUSER.DLL
[2011/06/10 18:02:35 | 000,024,576 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
[2011/06/10 18:02:34 | 000,643,072 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSBLFX.DLL
[2011/06/10 18:02:34 | 000,028,672 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSPKHLP.DLL
[2011/06/10 18:02:31 | 000,094,208 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\DEVREG.DLL
[2011/06/10 18:02:31 | 000,077,824 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\EAXAC3.DLL
[2011/06/10 18:02:30 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE
[2011/06/10 18:02:29 | 000,135,168 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\OPENAL32.DLL
[2011/06/10 18:02:29 | 000,110,592 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\PIAPROXY.DLL
[2011/06/10 18:02:28 | 000,176,128 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\READREG.EXE
[2011/06/10 18:02:27 | 000,270,336 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\SFMS32.DLL
[2011/06/10 18:02:26 | 000,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2011/06/10 18:02:15 | 000,127,948 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys
[2011/06/10 18:02:14 | 000,837,548 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys
[2011/06/10 18:02:14 | 000,195,432 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys
[2011/06/10 18:02:13 | 000,213,860 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys
[2011/06/10 18:02:13 | 000,011,068 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys
[2011/06/10 18:02:12 | 000,156,604 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys
[2011/06/10 18:02:10 | 000,998,004 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys
[2011/06/10 18:00:28 | 000,012,288 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\AHQCpURes.dll
[2011/06/10 18:00:14 | 000,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\AudioHQU.cpl
[2011/06/10 17:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/06/09 14:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/06/07 15:39:44 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011/06/07 13:59:14 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2011/06/06 18:08:40 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2011/06/06 17:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DW\Start Menu\Programs\HiJackThis
[2011/06/06 17:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 17:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/06/06 17:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/06/06 17:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/06/06 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/25 12:38:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006/11/19 19:20:40 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1997/06/02 12:17:40 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_SETUP.DLL
[1995/12/18 00:00:00 | 001,924,096 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PPVIEW32.EXE
[1995/12/18 00:00:00 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PP4X32.DLL
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 12:21:26 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/24 12:10:14 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F633F1ED-3F66-457B-8CD3-241571D0F415}.job
[2011/06/24 11:44:12 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/24 11:44:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/24 11:44:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/24 11:44:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/24 11:44:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/24 10:53:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/24 10:47:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/24 10:47:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 10:47:50 | 804,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 10:42:52 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/24 10:26:54 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/06/23 18:06:46 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1957994488-1004Core1cc22c776ed2c90.job
[2011/06/23 17:55:22 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\DW\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/23 17:54:56 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\NTREGOPT.lnk
[2011/06/23 09:14:26 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\System Restore.lnk
[2011/06/22 21:04:12 | 000,033,978 | ---- | M] () -- C:\Documents\cc_20110622_210355.reg
[2011/06/22 19:41:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/20 12:00:46 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\Microsoft Excel.lnk
[2011/06/19 12:47:18 | 000,000,334 | RHS- | M] () -- C:\boot.ini
[2011/06/18 16:20:36 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\DW\Desktop\Google Chrome.lnk
[2011/06/18 16:20:36 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/17 08:59:50 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/15 14:27:48 | 000,579,334 | ---- | M] () -- C:\Documents\4h pt 3.pdf
[2011/06/14 14:46:30 | 000,001,636 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/13 14:43:16 | 000,478,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/13 14:43:16 | 000,088,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/10 20:49:48 | 000,024,792 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,024,792 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:48 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/10 20:49:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/10 19:27:02 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80311102}.CDF
[2011/06/10 18:06:36 | 000,000,355 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2011/06/09 10:14:14 | 000,000,217 | ---- | M] () -- C:\Boot.bak
[2011/06/07 10:20:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\DW\Local Settings\Application Data\housecall.guid.cache
[2011/06/06 17:05:30 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/05 16:39:36 | 000,004,680 | ---- | M] () -- C:\Documents\cc_20110605_163928.reg
[2011/05/30 23:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 12:45:16 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 10:53:23 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/23 17:55:20 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\DW\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/23 17:54:54 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\DW\Desktop\NTREGOPT.lnk
[2011/06/23 09:14:24 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\DW\Desktop\System Restore.lnk
[2011/06/22 21:04:00 | 000,033,978 | ---- | C] () -- C:\Documents\cc_20110622_210355.reg
[2011/06/22 19:51:39 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/22 19:41:48 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/22 19:41:02 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/19 19:54:20 | 804,884,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 12:47:16 | 000,000,217 | ---- | C] () -- C:\Boot.bak
[2011/06/19 12:47:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 12:29:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 12:29:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 12:29:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 12:29:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 12:29:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/15 14:27:51 | 000,579,334 | ---- | C] () -- C:\Documents\4h pt 3.pdf
[2011/06/14 14:46:28 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/06/10 20:49:46 | 000,016,420 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:46 | 000,016,420 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 20:49:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 20:49:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80311102}.dat
[2011/06/10 18:10:05 | 003,373,917 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000002-80311102}.CDF
[2011/06/10 18:07:51 | 000,024,792 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 18:07:51 | 000,024,792 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000002-80311102}.rfx
[2011/06/10 18:06:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011/06/10 18:06:23 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/06/10 18:02:44 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/06/10 18:02:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/06/10 18:02:41 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\CT1MGM.ROM
[2011/06/10 18:02:38 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2011/06/10 18:02:36 | 003,373,917 | ---- | C] () -- C:\WINDOWS\CTDV10K1.CDF
[2011/06/10 18:02:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT4.SFM
[2011/06/10 18:02:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT.SFM
[2011/06/10 18:02:32 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT8.SFM
[2011/06/10 18:02:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/06/10 18:02:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/06/10 18:02:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/06/10 18:02:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/06/10 18:02:14 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/06/10 18:02:14 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/06/10 18:02:14 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/06/10 18:02:14 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/06/10 18:02:13 | 002,259,067 | ---- | C] () -- C:\WINDOWS\System32\default.ecw
[2011/06/10 18:02:13 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/06/10 18:02:10 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\Live.bmp
[2011/06/07 10:56:45 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\DW\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word (2).lnk
[2011/06/07 10:20:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\housecall.guid.cache
[2011/06/06 17:05:00 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/05 16:39:32 | 000,004,680 | ---- | C] () -- C:\Documents\cc_20110605_163928.reg
[2011/06/04 15:55:37 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1343024091-1957994488-1004Core1cc22c776ed2c90.job
[2011/02/07 15:40:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/02/07 15:22:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011/02/07 15:15:04 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/01/22 12:51:51 | 000,031,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDIMSYS.SYS
[2010/10/24 16:15:57 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/08 16:08:33 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\FASTWiz.html
[2010/01/08 13:33:22 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\FASTApp.html
[2009/08/06 02:27:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/21 17:17:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2007/09/19 18:11:56 | 000,098,080 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20070919 181156.Reg
[2007/08/01 17:59:29 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 00:39:07 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/12/16 00:35:43 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/11/25 18:06:59 | 000,078,491 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20061125 180659.Reg
[2006/11/16 23:10:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/16 22:57:19 | 000,001,954 | ---- | C] () -- C:\WINDOWS\LnkStub.dat
[2006/11/16 22:46:12 | 000,015,463 | ---- | C] () -- C:\WINDOWS\3ANSH.INI
[2006/11/16 22:46:12 | 000,012,503 | ---- | C] () -- C:\WINDOWS\3QUESH.INI
[2006/11/16 22:46:12 | 000,012,467 | ---- | C] () -- C:\WINDOWS\3ANSL.INI
[2006/11/16 22:46:12 | 000,011,979 | ---- | C] () -- C:\WINDOWS\2ANSH.INI
[2006/11/16 22:46:12 | 000,010,573 | ---- | C] () -- C:\WINDOWS\3QUESL.INI
[2006/11/16 22:46:12 | 000,010,497 | ---- | C] () -- C:\WINDOWS\2QUESH.INI
[2006/11/16 22:46:12 | 000,008,124 | ---- | C] () -- C:\WINDOWS\sat.ini
[2006/11/16 22:46:12 | 000,008,033 | ---- | C] () -- C:\WINDOWS\2QUESL.INI
[2006/11/16 22:46:12 | 000,007,713 | ---- | C] () -- C:\WINDOWS\2ANSL.INI
[2006/11/16 22:46:12 | 000,006,978 | ---- | C] () -- C:\WINDOWS\MOGGIE.INI
[2006/11/16 22:46:12 | 000,005,188 | ---- | C] () -- C:\WINDOWS\Results.ini
[2006/11/16 22:46:12 | 000,002,297 | ---- | C] () -- C:\WINDOWS\testinfo.INI
[2006/11/16 22:46:12 | 000,001,072 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/16 22:46:12 | 000,000,979 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/11/16 22:46:12 | 000,000,961 | ---- | C] () -- C:\WINDOWS\ANIMALS.INI
[2006/11/16 22:46:12 | 000,000,956 | ---- | C] () -- C:\WINDOWS\ozwine.ini
[2006/11/16 22:46:12 | 000,000,872 | ---- | C] () -- C:\WINDOWS\SYSPROST.INI
[2006/11/16 22:46:12 | 000,000,756 | ---- | C] () -- C:\WINDOWS\score.ini
[2006/11/16 22:46:12 | 000,000,542 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/16 22:46:12 | 000,000,461 | ---- | C] () -- C:\WINDOWS\ftree.ini
[2006/11/16 22:46:12 | 000,000,442 | ---- | C] () -- C:\WINDOWS\anmlshi.ini
[2006/11/16 22:46:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\satstest.ini
[2006/11/16 22:46:12 | 000,000,401 | ---- | C] () -- C:\WINDOWS\dialer.ini
[2006/11/16 22:46:12 | 000,000,377 | ---- | C] () -- C:\WINDOWS\student.ini
[2006/11/16 22:46:12 | 000,000,348 | ---- | C] () -- C:\WINDOWS\PICVIEW.INI
[2006/11/16 22:46:12 | 000,000,269 | ---- | C] () -- C:\WINDOWS\wordsv3.ini
[2006/11/16 22:46:12 | 000,000,158 | ---- | C] () -- C:\WINDOWS\CTREC.INI
[2006/11/16 22:46:12 | 000,000,133 | ---- | C] () -- C:\WINDOWS\Mental.ini
[2006/11/16 22:46:12 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Maris.ini
[2006/11/16 22:46:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\stargazr.ini
[2006/11/16 22:46:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/16 22:46:12 | 000,000,111 | ---- | C] () -- C:\WINDOWS\epconfig.ini
[2006/11/16 22:46:12 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2006/11/16 22:46:12 | 000,000,078 | ---- | C] () -- C:\WINDOWS\POODLE.INI
[2006/11/16 22:46:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\Problem.ini
[2006/11/16 22:46:12 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2006/11/16 22:46:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ERRORS.INI
[2006/11/16 22:46:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2006/11/16 22:46:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ping.ini
[2006/11/16 22:46:12 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3Mental.ini
[2006/11/16 22:46:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/11/16 22:46:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/16 22:46:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\MSBACKUP.INI
[2006/11/16 22:46:12 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2006/11/16 22:46:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ALPHAPLAYER.INI
[2006/11/16 22:46:12 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SATDIR.INI
[2006/11/16 22:46:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2006/11/16 22:46:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\ADS.INI
[2006/11/16 22:46:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\sattemp.ini
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKINSTALL.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IPLAYER.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ERO2000.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ENUMPORT.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2006/11/16 22:46:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSSETUP.INI
[2006/11/16 22:46:11 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/11/16 22:46:11 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/11/16 22:46:11 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/11/16 22:46:11 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/11/16 22:46:11 | 000,001,420 | ---- | C] () -- C:\WINDOWS\MSNClick.ini
[2006/11/16 22:46:11 | 000,001,319 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/16 22:46:11 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/11/16 22:46:11 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/11/16 22:46:11 | 000,000,462 | ---- | C] () -- C:\WINDOWS\GARDEN.INI
[2006/11/16 22:46:11 | 000,000,431 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2006/11/16 22:46:11 | 000,000,369 | ---- | C] () -- C:\WINDOWS\epspmgr4.ini
[2006/11/16 22:46:11 | 000,000,355 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/11/16 22:46:11 | 000,000,339 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/11/16 22:46:11 | 000,000,249 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2006/11/16 22:46:11 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2006/11/16 22:46:11 | 000,000,190 | ---- | C] () -- C:\WINDOWS\ctsyn.ini
[2006/11/16 22:46:11 | 000,000,179 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2006/11/16 22:46:11 | 000,000,177 | ---- | C] () -- C:\WINDOWS\Icldial.ini
[2006/11/16 22:46:11 | 000,000,139 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/11/16 22:46:11 | 000,000,123 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006/11/16 22:46:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2006/11/16 22:46:11 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/11/16 22:46:11 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Fsch7.ini
[2006/11/16 22:46:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\PWIX.INI
[2006/11/16 22:46:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2006/11/16 22:46:11 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/11/16 22:46:11 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2006/11/16 22:46:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2006/11/16 22:46:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2006/11/16 21:36:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/16 21:29:59 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/11/16 21:29:07 | 000,204,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/16 21:02:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/11/16 21:02:32 | 000,478,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/11/16 21:02:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/16 21:02:32 | 000,088,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/11/16 21:02:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/16 21:02:22 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/16 21:02:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/16 21:01:59 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/16 21:01:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/16 21:01:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/16 21:00:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/16 20:59:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/09/28 11:26:53 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\STCI.DLL
[2006/06/20 11:00:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/12/18 09:53:53 | 000,540,704 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[2005/12/14 19:38:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2005/11/02 20:35:02 | 000,209,976 | ---- | C] () -- C:\WINDOWS\iMeshV5.exe
[2005/10/29 23:35:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/10/13 14:27:33 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\PKP_DLec.DAT
[2005/10/11 13:00:50 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
[2005/10/10 21:06:17 | 000,028,981 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20051010 210617.Reg
[2005/09/26 11:02:17 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\PKP_DLea.DAT
[2005/09/20 22:51:08 | 000,007,738 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20050920 225108.Reg
[2005/08/23 08:27:08 | 000,000,624 | ---- | C] () -- C:\Program Files\Undo F3Y5U6 20050823 082708.Reg
[2004/11/25 10:42:08 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\DW\Application Data\sdi.db
[2004/08/13 19:14:23 | 000,184,320 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2004/07/14 12:49:16 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2004/03/15 10:41:00 | 000,110,660 | ---- | C] () -- C:\WINDOWS\System32\zlimclnup.exe
[2003/09/26 10:03:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\swen0.dat
[2003/08/15 18:47:53 | 001,310,720 | RH-- | C] () -- C:\WINDOWS\UserMigratedStore_59R.bin
[2003/08/15 18:47:49 | 000,720,896 | RH-- | C] () -- C:\WINDOWS\DefaultStore_59R.bin
[2003/08/14 13:26:49 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2003/06/19 19:14:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/04/26 17:10:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/04/13 07:41:12 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\DW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/04/13 07:35:29 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2003/02/27 09:22:12 | 000,003,689 | ---- | C] () -- C:\WINDOWS\WMSysDx.bin
[2002/12/28 11:39:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[2002/10/25 18:42:23 | 000,063,995 | ---- | C] () -- C:\WINDOWS\delprint.exe
[2002/10/25 18:42:20 | 000,064,057 | ---- | C] () -- C:\WINDOWS\DelConv.exe
[2002/10/19 09:02:42 | 000,001,272 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2002/09/08 11:38:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2002/06/28 19:37:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TestVxdV.exe
[2002/06/28 19:37:42 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\min_icudt18l.dll
[2002/06/28 19:37:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\msiath.dll
[2002/06/28 19:37:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\min_glob.dll
[2002/06/28 19:37:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\servctrl.exe
[2002/04/11 19:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/10/24 12:57:17 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2001/09/05 15:48:28 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2001/07/20 07:09:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\swfobjs.dll
[2001/07/15 22:30:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\MadUnInst.exe
[2001/04/01 17:16:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2001/02/27 16:06:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2000/11/29 17:25:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2000/09/12 17:21:27 | 000,312,832 | R--- | C] () -- C:\WINDOWS\getnetlinesettings.exe
[2000/08/21 19:01:38 | 000,000,995 | ---- | C] () -- C:\Program Files\WDIRNOP.PIF
[2000/08/21 19:01:38 | 000,000,005 | ---- | C] () -- C:\Program Files\WDIRNOP.COM
[2000/08/21 18:01:31 | 000,224,256 | ---- | C] () -- C:\WINDOWS\UnDrake.exe
[2000/07/25 19:43:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2000/07/25 19:43:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\N2PAuto.exe
[2000/05/10 22:40:05 | 000,108,992 | ---- | C] () -- C:\WINDOWS\System32\SH34W32.DLL
[2000/05/10 22:40:05 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\IFORCE2.dll
[2000/05/10 18:23:37 | 000,009,030 | ---- | C] () -- C:\WINDOWS\hh.dat
[2000/05/10 18:19:56 | 000,095,544 | ---- | C] () -- C:\WINDOWS\System32\MSNFreeWeb.exe
[2000/05/10 16:54:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EPASET32.DLL
[2000/05/10 16:40:35 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2000/05/10 15:24:19 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[2000/05/10 15:09:52 | 000,147,968 | ---- | C] () -- C:\WINDOWS\System32\INSTAPI.DLL
[2000/05/10 15:07:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[2000/05/10 14:45:22 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2000/03/29 01:58:40 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000/01/27 16:33:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SysIECom.dll
[2000/01/27 16:33:55 | 000,311,364 | ---- | C] () -- C:\WINDOWS\System32\ssistd.dll
[2000/01/27 16:33:55 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\ssistdop.dll
[1999/04/11 20:54:20 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL

< End of report >


OTL Extras logfile created on: 24/06/2011 11:53:39 - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

767.53 Mb Total Physical Memory | 301.89 Mb Available Physical Memory | 39.33% Memory free
1.83 Gb Paging File | 1.39 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.10 Gb Total Space | 2.32 Gb Free Space | 12.13% Space Free | Partition Type: FAT32
Drive D: | 564.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 487.89 Mb Total Space | 102.68 Mb Free Space | 21.04% Space Free | Partition Type: FAT32

Computer Name: GATEWAY | User Name: DW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CFE4799-CB85-456C-AABE-9BA2D02D81DB}" = Sky Broadband
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{69E8BEBD-B3AA-4981-BA49-AD0AEA731033}" = Nero BackItUp 2 Essentials
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A974D91-7729-45CB-8AF6-BA6E72D4FB9D}" = InvisibleHand
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Creative Launcher" = Creative Launcher
"DVDPlayer" = Software CineMaster 99
"ERUNT_is1" = ERUNT 1.1j
"F5D5050" = F5D5050 Driver Uninstall
"Final Uninstaller_is1" = Final Uninstaller
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Standard Edition
"Outlook Express Sync_is1" = Outlook Express Sync 2.1
"PhoneTools" = PhoneTools
"PlayCenter" = Creative PlayCenter
"Q903235" = Internet Explorer Q903235
"QuickTime32" = QuickTime for Windows (32-bit)
"Recorder" = Creative Recorder
"Registry Mechanic_is1" = Registry Mechanic 5.2
"Starry Night Bundle Edition" = Starry Night Bundle Edition
"TuneUp Utilities" = TuneUp Utilities
"U-Storage" = U-Storage 1.24
"VEN_14F1&DEV_1036&SUBSYS_027013E0" = 56K PCI Voice Modem SF-1156IV+ R9A
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-1343024091-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Vuze Launcher" = Vuze Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/06/2011 14:41:55 | Computer Name = GATEWAY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 22/06/2011 15:09:04 | Computer Name = GATEWAY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 22/06/2011 15:35:54 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 22/06/2011 15:35:54 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 23/06/2011 04:09:35 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 23/06/2011 04:09:35 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 23/06/2011 13:11:16 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 23/06/2011 13:11:16 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 24/06/2011 04:53:03 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

Error - 24/06/2011 04:53:03 | Computer Name = GATEWAY | Source = WinDefendRtp | ID = 3003
Description =

[ OSession Events ]
Error - 08/01/2010 12:48:46 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 14811 seconds with 1020 seconds of active time. This session ended with
a crash.

Error - 15/04/2010 13:59:01 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11376 seconds with 2940 seconds of active time. This session ended with
a crash.

Error - 24/05/2010 16:25:57 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/05/2010 16:26:25 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/09/2010 15:40:57 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/12/2010 06:03:50 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1400 seconds with 1080 seconds of active time. This session ended with a
crash.

Error - 09/02/2011 15:05:43 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/03/2011 17:10:22 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 75
seconds with 60 seconds of active time. This session ended with a crash.

Error - 21/04/2011 11:07:33 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/05/2011 17:10:30 | Computer Name = GATEWAY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:10 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:11 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:11 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2011 05:43:11 | Computer Name = GATEWAY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

[ TuneUp Events ]
Error - 17/06/2011 19:22:43 | Computer Name = GATEWAY | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

