Infected with MSN Plus Toolbar, browser homepage re-direct


  • This topic is locked
14 replies to this topic

#1 tooproforyou

Posted 22 June 2011 - 12:53 PM

I have recently installed MSN Plus add-on and unintentionally installed the toolbar as well. I have tried to remove the toolbar by uninstalling it from the "add/remove programs" function but it didn't work. Then I tried to remove MSN Plus itself and yet the toolbar remains in my browser (Mozilla Firefox). There may be other malware infected in my computer as well so if you find them please advise what I should do, but MSN Toolbar is the one I want removed with priority. Thanks in advance!
Here are my logs:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Kit at 21:41:05 on 2011-06-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1121 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\kit\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} - hxxp://67.226.179.171/DvrOcx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271629350126
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271629343266
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C0C28BA5-252C-4F9F-BA5D-0407B7BA8FFC} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kit\application data\mozilla\firefox\profiles\s1ens1eg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 561152]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-15 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-8-15 388936]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-15 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-15 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-15 168776]
.
=============== Created Last 30 ================
.
2011-06-21 17:12:07 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-21 17:12:06 -------- d-----w- c:\documents and settings\kit\local settings\application data\Temp
2011-06-16 01:44:43 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 01:02:41 -------- d-----w- c:\documents and settings\kit\application data\mkvtoolnix
2011-06-06 21:53:18 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
2011-06-03 17:28:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 18:42:53 1409 ----a-w- c:\windows\QTFont.for
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 21:41:52.89 ===============

#2 etavares

  • Malware Response Team

Posted 01 July 2011 - 05:23 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 tooproforyou

Posted 03 July 2011 - 02:30 PM

Thank you for your response. I will work on the above requests within 24 hours.

#4 etavares

Posted 04 July 2011 - 09:19 AM

Great, I will keep an eye out!



#5 tooproforyou

Posted 04 July 2011 - 04:19 PM

Attached are the logs from OTL and GMER. However, when I was preparing the OTL log I initially did not disable virus scan so I re-ran the OTL again to create a new log. It ended up only giving me one log, not two (initially, when I did not disable the virus scan it gave me 2 logs but I had deleted those when I decided to re-run OTL with virus scan disabled). Anyways, if this is a problem, please advise how I should proceed. Regardless, here are my OTL and GMER logs:

OTL logfile created on: 7/4/2011 2:10:48 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Kit\Desktop\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.04% Memory free
3.33 Gb Paging File | 2.86 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 17.07 Gb Free Space | 34.96% Space Free | Partition Type: NTFS
Drive D: | 100.22 Gb Total Space | 12.07 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
Drive G: | 120.38 Gb Total Space | 23.92 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive H: | 177.71 Gb Total Space | 119.78 Gb Free Space | 67.40% Space Free | Partition Type: NTFS

Computer Name: ROOM | User Name: Kit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 13:53:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL\OTL.exe
PRC - [2011/06/28 21:17:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/29 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 13:53:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - [2008/08/15 18:56:01 | 000,381,856 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/15 18:55:54 | 000,459,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/15 18:55:54 | 000,042,976 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/15 18:55:49 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/15 18:27:01 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/11/03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2006/11/29 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/29 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/29 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/29 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/29 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/29 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/08/17 13:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 21:17:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 15:50:20 | 000,000,000 | ---D | M]

[2010/05/13 22:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Extensions
[2011/06/30 15:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions
[2011/06/30 15:58:36 | 000,000,000 | ---D | M] (Messenger Plus CA Community Toolbar) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}
[2011/06/21 13:12:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com
[2011/03/26 13:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/05 20:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/26 13:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/05 20:41:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/28 21:17:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/24 18:14:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Kit\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1844237615-2147137731-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} http://67.226.179.171/DvrOcx.cab (Dvr Net 8116)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271629350126 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271629343266 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 06:11:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\AutoRun\command - "" = rthrw.com
O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\explore\Command - "" = rthrw.com
O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\open\Command - "" = rthrw.com
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\Mpeg\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\Mpeg\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uldx - C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 6\Ulead DVD MovieFactory 6\DivX_ul.dll (DivXNetworks, Inc.)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\OTL
[2011/06/30 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\test
[2011/06/30 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MKVtoolnix
[2011/06/30 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011/06/30 16:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\temp
[2011/06/30 15:47:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/21 21:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\DDS
[2011/06/21 21:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kit\Start Menu\Programs\Administrative Tools
[2011/06/21 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Local Settings\Application Data\Temp
[2011/06/20 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\POTC DLC
[2011/06/11 21:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Application Data\mkvtoolnix
[2011/06/06 17:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/06/06 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/06 17:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/04 14:04:39 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/04 14:04:39 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 15:26:21 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 11:22:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 22:54:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/30 16:59:40 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 15:52:41 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/30 15:50:20 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/29 21:06:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/29 15:31:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/23 22:45:05 | 000,014,167 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:48 | 000,063,544 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/06/16 16:53:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 14:49:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 15:50:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/30 15:50:20 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 22:45:05 | 000,014,167 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:47 | 000,063,544 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/02/14 21:16:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHS.dll
[2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\WINDOWS\System32\RM_DVRNET_DLL.dll
[2010/12/25 13:12:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/24 15:10:46 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/24 15:10:46 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/24 15:10:46 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/24 15:10:46 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/24 15:10:46 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/24 15:10:46 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/24 15:10:46 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/24 15:10:46 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/24 15:10:46 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/24 15:10:46 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/24 15:10:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/24 15:10:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/24 15:08:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw8b.bin
[2010/12/24 15:07:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini
[2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK.dll
[2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK(KNOWLEDGE).dll
[2010/09/26 15:48:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxESP.dll
[2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxFRA.dll
[2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxRUS.dll
[2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTB.dll
[2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTG.dll
[2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxDEU.dll
[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHT.dll
[2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPLK.dll
[2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxITA.dll
[2010/04/22 19:37:35 | 000,077,065 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/04/19 19:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/18 19:32:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/15 15:58:34 | 000,229,442 | ---- | C] () -- C:\WINDOWS\System32\winpubf.dll
[2010/01/15 15:58:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvrfs.dll
[2008/09/01 17:35:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/09/01 17:09:17 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/01 17:09:17 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/01 17:09:17 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/01 17:09:17 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/28 22:15:33 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/22 23:43:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/18 22:03:55 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/18 22:03:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/18 22:03:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/18 22:03:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/08/15 18:21:52 | 000,031,454 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/08/15 18:21:52 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/08/15 17:50:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/15 17:38:16 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mfpd.ini
[2008/08/15 17:23:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/29 21:55:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/04/29 21:53:42 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/04/29 21:52:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/29 21:52:49 | 000,011,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/29 21:52:40 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/29 06:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/29 06:09:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/29 01:52:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/29 01:49:24 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/01/03 18:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 17:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

========== LOP Check ==========

[2010/12/24 15:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2008/08/15 19:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2010/12/27 13:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Epson
[2008/09/01 17:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/12/24 15:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/09/01 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2008/08/15 18:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/04/06 23:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/02/27 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2008/09/01 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/06/21 21:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/09/01 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/09/01 17:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/08/25 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\ACD Systems
[2011/06/30 16:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Aegisub
[2008/08/18 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\DataCast
[2010/12/24 16:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Epson
[2011/05/07 11:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\facemoods.com
[2011/02/27 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\GetRight
[2011/06/11 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\mkvtoolnix
[2010/04/18 18:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Ulead Systems
[2011/06/30 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\uTorrent
[2010/05/14 16:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mandy\Application Data\Ulead Systems
[2008/08/15 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ray\Application Data\Babylon

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/29 01:48:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/29 01:48:25 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/29 01:48:25 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2008/04/29 06:11:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/29 06:07:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/04/29 06:11:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/26 15:18:43 | 000,000,045 | ---- | M] () -- C:\error.log
[2008/04/29 06:11:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/28 22:31:32 | 000,000,171 | ---- | M] () -- C:\mp4log.txt
[2008/04/29 06:11:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/03 18:26:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/03 11:22:27 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/04/18 18:33:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/18 20:05:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/18 18:33:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/18 20:05:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/09/01 17:14:15 | 000,485,612 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/09/10 16:12:46 | 000,229,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\HP1006S.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >




GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-04 17:14:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 WDC_WD1600AAJS-00PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\Kit\LOCALS~1\Temp\pgldrpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA7F6135B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA7F612DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA7F61385]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA7F612EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA7F6131B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA7F613AF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA7F612C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA7F6136F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA7F61305]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA7F61331]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA7F61347]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA7F613C5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA7F61399]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP A7F6139D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 805790A8 5 Bytes JMP A7F6135F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP A7F613B3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP A7F613C9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B841E 7 Bytes JMP A7F61373 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D1230 5 Bytes JMP A7F61389 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP A7F6134B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP A7F61335 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP A7F61309 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP A7F612DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP A7F612F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP A7F6131F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP A7F612CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0xA8149000]
.clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA814A000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01D30000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01D30073
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01D30F88
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01D30062
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01D30FA5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01D30FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01D300BC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01D3009F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01D30F3E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01D30F59
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01D300FC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01D30047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01D30011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01D30084
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01D30FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01D30022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01D300D7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01D20FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01D20F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01D20011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01D20FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01D20F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01D20000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01D20F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F2, 89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01D20FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01D10FAD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!system 77C293C7 5 Bytes JMP 01D10FC8
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01D10027
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01D10000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01D10038
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01D10FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01D00000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenA 3D95D690 3 Bytes JMP 01210FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenA + 4 3D95D694 1 Byte [C3]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenW 3D95DB09 3 Bytes JMP 01210FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenW + 4 3D95DB0D 1 Byte [C3]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenUrlA 3D95F3A4 3 Bytes JMP 01210FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenUrlA + 4 3D95F3A8 1 Byte [C3]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1032] WinInet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0121001E
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007008C
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070071
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F61
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F7C
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700D5
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F46
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700E6
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007009D
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700C4
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0006006C
.text C:\WINDOWS\system32\services.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FB2
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F68
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F83
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0078
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F3C
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0093
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F04
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0EE9
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0F4D
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\lsass.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F1F
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0076
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\lsass.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0F75
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FB5
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0F90
.text C:\WINDOWS\system32\lsass.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FC6
.text C:\WINDOWS\system32\lsass.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F0005B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F70
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F0004A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00F8D
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F0001E
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F24
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F41
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000AC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00F13
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F02
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00039
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F0006C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FB2
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FC3
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00087
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0011
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F8A
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FCA
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0047
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0FA5
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0FA3
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0FBE
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE002E
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FD9
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C3009F
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30FAA
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30084
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30073
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3003D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C300CD
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F85
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C300F9
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300E8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30F45
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30058
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C300B0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FDB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F74
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20F83
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C1002E
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FA3
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FC8
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C1001D
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FE3
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00000
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A7
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008C
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007B
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00B8
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F70
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00DA
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F30
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C9
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290FB9
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290076
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290065
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0036
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FAB
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC6
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A001B
.text C:\WINDOWS\Explorer.EXE[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[1440] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[1440] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[1440] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0FD4
.text C:\WINDOWS\Explorer.EXE[1440] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 002C0FC3
.text C:\WINDOWS\Explorer.EXE[1440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20000
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02CD0000
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02CD00A9
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02CD008E
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02CD0FC0
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02CD0FD1
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02CD0062
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02CD00DF
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02CD0F99
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02CD0F50
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02CD0F61
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02CD0F3F
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02CD0073
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02CD0025
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02CD00C4
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02CD0051
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02CD0036
.text C:\WINDOWS\System32\svchost.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02CD0F7C
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02CC0FCA
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02CC005B
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02CC0025
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02CC000A
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02CC0040
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02CC0FEF
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02CC0F9E
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 8A]
.text C:\WINDOWS\System32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02CC0FB9
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02CB0049
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!system 77C293C7 5 Bytes JMP 02CB0FC8
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02CB002E
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_open 77C2F566 3 Bytes JMP 02CB000C
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_open + 4 77C2F56A 1 Byte [8B]
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02CB0FE3
.text C:\WINDOWS\System32\svchost.exe[1472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02CB001D
.text C:\WINDOWS\System32\svchost.exe[1472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B50000
.text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02B40FEF
.text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02B40FDE
.text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02B40014
.text C:\WINDOWS\System32\svchost.exe[1472] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 02B40025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01000FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01000FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01000FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01000093
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01000076
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01000FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01000F8B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010000D3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01000F55
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01000F70
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 1 Byte [E9]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01000F44
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0100005B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0100000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010000C2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0100002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0100001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010000EE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0065
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0040
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0053
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FD9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE002E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0F66
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C005B
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C004A
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0F97
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C001E
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C0098
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0087
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C0F24
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0F35
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C00D8
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C002F
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C0076
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0FA8
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C0FC3
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C00B3
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007B0014
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007B0051
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007B0FCD
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007B0FDE
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007B0F94
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007B0036
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007B0025
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A0047
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0FB2
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A0FCD
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A0022
.text C:\WINDOWS\system32\svchost.exe[1560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0FDE
.text C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1572] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1572] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1572] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1572] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A10F86
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A10071
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A10F97
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A1004A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A10FA8
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A100CC
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A100B1
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A10F3D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A10F58
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A10F22
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A1002F
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A10FDE
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A100A0
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A10FC3
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A10014
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A10F69
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A00036
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A00069
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A00058
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A00FC0
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C0, 88]
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A00047
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009F0084
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!system 77C293C7 5 Bytes JMP 009F0069
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009F0033
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009F004E
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009F0018
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90089
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F8A
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90058
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90FA5
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90022
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B900B0
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F68
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F43
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900DC
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900ED
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90047
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F79
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FCA
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900C1
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FDB
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B8006C
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80051
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B80FAF
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80FC0
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70042
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70027
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FC8
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70FB7
.text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF007F
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF006E
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0053
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FC0
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0F48
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0F65
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF00D0
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F37
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF00E1
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0090
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00B5
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660069
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660058
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660047
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0066002C
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650055
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650044
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650029
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630022
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00630FC7
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 05 July 2011 - 05:38 PM

Hello, tooproforyou.

OK, we'll try some manual cleaning and run a malware scan. There is a bit more to do after this. I do see some potential signs of a very serious infection, but I won't worry unless the virus scan we do later detects it.





Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    [2011/06/30 15:58:36 | 000,000,000 | ---D | M] (Messenger Plus CA Community Toolbar) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}
    [2011/06/21 13:12:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\AutoRun\command - "" = rthrw.com
    O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\explore\Command - "" = rthrw.com
    O33 - MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\Shell\open\Command - "" = rthrw.com
    :files
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Change Extra Registry to Use Safelist (It turns off after you run OTL once which is why you did not get the extras.txt log the second time you ran it)
  • Push the Posted Image button.
  • Two reports will open, copy and paste both of them in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 tooproforyou

tooproforyou
  • Topic Starter

  • Members
  • 7 posts

Posted 06 July 2011 - 04:47 PM

All processes killed
========== OTL ==========
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\searchplugin folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\modules folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\META-INF folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\defaults folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\components folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053}\chrome folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\{9cd2401a-3a23-4d04-876e-8712d1709053} folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-839522115-1844237615-2147137731-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ not found.
File rthrw.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ not found.
File rthrw.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ae2b8f4-6d92-11dd-b827-001fc6a3acba}\ not found.
File rthrw.com not found.
========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 32998653 bytes
->Temporary Internet Files folder emptied: 32199331 bytes
->FireFox cache emptied: 60003718 bytes
->Flash cache emptied: 2158 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kit
->Temp folder emptied: 254227952 bytes
->Temporary Internet Files folder emptied: 103708889 bytes
->Java cache emptied: 540692 bytes
->FireFox cache emptied: 674890905 bytes
->Flash cache emptied: 369423 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mandy
->Temp folder emptied: 635146 bytes
->Temporary Internet Files folder emptied: 26039567 bytes
->FireFox cache emptied: 97666945 bytes
->Flash cache emptied: 1514 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2815163 bytes

User: Ray
->Temp folder emptied: 587497 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105502772 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,328.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 07062011_160634

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 7/6/2011 4:19:00 PM - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Kit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.44% Memory free
3.33 Gb Paging File | 2.70 Gb Available in Paging File | 81.21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 18.20 Gb Free Space | 37.26% Space Free | Partition Type: NTFS
Drive D: | 100.22 Gb Total Space | 10.02 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive G: | 120.38 Gb Total Space | 23.92 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive H: | 177.71 Gb Total Space | 119.78 Gb Free Space | 67.40% Space Free | Partition Type: NTFS

Computer Name: ROOM | User Name: Kit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
PRC - [2011/06/28 21:17:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/29 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - [2008/08/15 18:56:01 | 000,381,856 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/15 18:55:54 | 000,459,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/15 18:55:54 | 000,042,976 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/15 18:55:49 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/15 18:27:01 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/11/03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2006/11/29 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/29 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/29 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/29 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/29 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/29 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/08/17 13:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 21:17:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 15:50:20 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 21:17:08 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 15:50:20 | 000,000,000 | ---D | M]

[2010/05/13 22:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Extensions
[2011/07/06 16:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions
[2011/03/26 13:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/05 20:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/26 13:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/05 20:41:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/28 21:17:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/24 18:14:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Kit\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} http://67.226.179.171/DvrOcx.cab (Dvr Net 8116)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271629350126 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271629343266 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 06:11:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 16:06:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 16:05:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2011/07/06 16:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/06 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/06 16:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/06 16:02:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kit\Desktop\erunt-setup.exe
[2011/07/04 14:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\GMER
[2011/07/04 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\OTL
[2011/06/30 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\test
[2011/06/30 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MKVtoolnix
[2011/06/30 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011/06/30 16:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\temp
[2011/06/30 15:47:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/21 21:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\DDS
[2011/06/21 21:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kit\Start Menu\Programs\Administrative Tools
[2011/06/21 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Local Settings\Application Data\Temp
[2011/06/20 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\POTC DLC
[2011/06/15 21:44:43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/11 21:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Application Data\mkvtoolnix
[2011/06/06 17:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/06/06 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/06 17:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/07/06 16:16:57 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/06 16:16:57 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/06 16:13:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/06 16:12:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2011/07/06 16:03:31 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/06 16:03:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\NTREGOPT.lnk
[2011/07/06 16:03:18 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\ERUNT.lnk
[2011/07/06 16:02:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kit\Desktop\erunt-setup.exe
[2011/07/04 19:45:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/04 19:44:58 | 000,298,539 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\433654_1306332405SS4Y.rar
[2011/06/30 16:59:40 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 15:52:41 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/30 15:50:20 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/29 21:06:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/29 15:31:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/23 22:45:05 | 000,014,167 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:48 | 000,063,544 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/06/16 19:56:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 16:53:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 14:49:32 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2011/07/06 16:03:31 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/06 16:03:18 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\NTREGOPT.lnk
[2011/07/06 16:03:18 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\ERUNT.lnk
[2011/07/04 19:44:58 | 000,298,539 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\433654_1306332405SS4Y.rar
[2011/06/30 15:50:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/30 15:50:20 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/23 22:45:05 | 000,014,167 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:47 | 000,063,544 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/02/14 21:16:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHS.dll
[2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\WINDOWS\System32\RM_DVRNET_DLL.dll
[2010/12/25 13:12:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/24 15:10:46 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/24 15:10:46 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/24 15:10:46 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/24 15:10:46 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/24 15:10:46 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/24 15:10:46 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/24 15:10:46 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/24 15:10:46 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/24 15:10:46 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/24 15:10:46 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/24 15:10:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/24 15:10:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/24 15:08:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw8b.bin
[2010/12/24 15:07:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini
[2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK.dll
[2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK(KNOWLEDGE).dll
[2010/09/26 15:48:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxESP.dll
[2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxFRA.dll
[2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxRUS.dll
[2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTB.dll
[2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTG.dll
[2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxDEU.dll
[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHT.dll
[2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPLK.dll
[2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxITA.dll
[2010/04/22 19:37:35 | 000,077,065 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/04/19 19:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/18 19:32:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/15 15:58:34 | 000,229,442 | ---- | C] () -- C:\WINDOWS\System32\winpubf.dll
[2010/01/15 15:58:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvrfs.dll
[2008/09/01 17:35:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/09/01 17:09:17 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/01 17:09:17 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/01 17:09:17 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/01 17:09:17 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/28 22:15:33 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/22 23:43:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/18 22:03:55 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/18 22:03:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/18 22:03:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/18 22:03:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/08/15 18:21:52 | 000,031,454 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/08/15 18:21:52 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/08/15 17:50:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/15 17:38:16 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mfpd.ini
[2008/08/15 17:23:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/29 21:55:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/04/29 21:53:42 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/04/29 21:52:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/29 21:52:49 | 000,011,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/29 21:52:40 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/29 06:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/29 06:09:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/29 01:52:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/29 01:49:24 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/01/03 18:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 17:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

< End of report >

OTL Extras logfile created on: 7/6/2011 4:19:00 PM - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Kit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.44% Memory free
3.33 Gb Paging File | 2.70 Gb Available in Paging File | 81.21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 18.20 Gb Free Space | 37.26% Space Free | Partition Type: NTFS
Drive D: | 100.22 Gb Total Space | 10.02 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive G: | 120.38 Gb Total Space | 23.92 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive H: | 177.71 Gb Total Space | 119.78 Gb Free Space | 67.40% Space Free | Partition Type: NTFS

Computer Name: ROOM | User Name: Kit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:Battle.net

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Kit\Local Settings\Temp\Update_f25f.exe" = C:\Documents and Settings\Kit\Local Settings\Temp\Update_f25f.exe:*:Enabled:InstallCore™
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}" = ACDSee 6.0 PowerPack
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"iolo technologies' System Mechanic 5 Professional" = iolo technologies' System Mechanic 5 Professional
"MightyFax" = MightyFax
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"ratDVD" = ratDVD 0.78.1444
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"SnagIt7" = SnagIt 7
"SopCast" = SopCast 3.3.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.7
"Warkeys" = Warkeys 1.16.0.0b
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-1844237615-2147137731-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2011 11:15:16 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application tesseract.exe, version 0.0.0.0, faulting module
msvcr90.dll, version 9.0.30729.1, fault address 0x0002f93e.

Error - 4/2/2011 11:34:35 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application tesseract.exe, version 0.0.0.0, faulting module
msvcr90.dll, version 9.0.30729.1, fault address 0x0002f93e.

Error - 4/15/2011 8:23:13 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msonsext.dll, version 11.0.6715.60, fault address 0x00053555.

Error - 4/20/2011 10:31:14 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module hotplug.dll, version 5.1.2600.5512, fault address 0x000048be.

Error - 4/23/2011 9:29:17 PM | Computer Name = ROOM | Source = Application Hang | ID = 1002
Description = Hanging application aegisub32.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 7:00:05 PM | Computer Name = ROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2011 8:01:52 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module hotplug.dll, version 5.1.2600.5512, fault address 0x000048c4.

Error - 5/21/2011 2:27:10 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.4.2677.0, faulting module
iviaudio.ax, version 8.0.6.142, fault address 0x000149f4.

Error - 5/21/2011 2:27:23 PM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.4.2677.0, faulting module
iviaudio.ax, version 8.0.6.142, fault address 0x000149f4.

Error - 6/28/2011 12:12:22 AM | Computer Name = ROOM | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module hotplug.dll, version 5.1.2600.5512, fault address 0x000048c4.

[ System Events ]
Error - 7/6/2011 4:06:35 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The Capture Device Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The IviRegMgr service terminated unexpectedly. It has done this 1
time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The McAfee Framework Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Manager service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/6/2011 4:06:36 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/6/2011 4:06:37 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/6/2011 4:06:37 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The Window Washer Engine service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/6/2011 4:06:39 PM | Computer Name = ROOM | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 2 time(s).


< End of report >



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2011 5:31:29 PM
mbam-log-2011-07-06 (17-31-29).txt

Scan type: Quick scan
Objects scanned: 186470
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 etavares


    Bleepin' Remover


  • Malware Response Team

Posted 06 July 2011 - 06:23 PM

Hello, tooproforyou.

Is the toolbar gone now?


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the names suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall it, please refrain from using it until I let you know your computer is clean.


Step 1

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 tooproforyou

  • Topic Starter


Posted 07 July 2011 - 08:55 PM

Yes, it's gone now! Thanks :)

C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe probably a variant of Win32/TrojanDropper.Delf.NKEQRT trojan cleaned by deleting - quarantined
C:\Program Files\Lavasoft\Ad-Aware 2007\update-cracked.exe probably a variant of Win32/TrojanDropper.Delf.JBFNDPK trojan cleaned by deleting - quarantined
D:\Downloads\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
H:\Download\MSN Messenger Plus\MsgPlusLive-470.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
H:\Download\MSN Messenger Plus\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
H:\Download\MSN Messenger Plus\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined
H:\Download\System Mechanic 5.0 Pro Full\System Mechanic 5.0 Pro Full.exe probably a variant of Win32/Agent.MNUWIXE trojan deleted - quarantined

#10 etavares


    Bleepin' Remover


  • Malware Response Team

Posted 08 July 2011 - 06:16 AM

Hello, tooproforyou.


Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 26 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 24
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.

Please download the latest version from:
http://get.adobe.com/reader/download/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 3


Please post one final OTL quick scan for me to look at. Please also let me know if your computer is running OK at this point.

etavares


 


#11 tooproforyou

  • Topic Starter


Posted 09 July 2011 - 04:12 PM

I've now updated Java and Adobe Reader.

Below is the Quick Scan OTL report; everything else is working well.

OTL logfile created on: 7/9/2011 5:02:52 PM - Run 4
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Kit\Desktop\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.01% Memory free
3.33 Gb Paging File | 2.65 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 17.27 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
Drive D: | 100.22 Gb Total Space | 7.18 Gb Free Space | 7.16% Space Free | Partition Type: NTFS
Drive G: | 120.38 Gb Total Space | 23.92 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive H: | 177.71 Gb Total Space | 119.78 Gb Free Space | 67.41% Space Free | Partition Type: NTFS

Computer Name: ROOM | User Name: Kit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\New Folder\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/29 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\New Folder\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/08/09 13:56:26 | 000,388,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/07/31 19:39:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/08/15 18:56:01 | 000,381,856 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/15 18:55:54 | 000,459,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/15 18:55:54 | 000,042,976 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/15 18:55:49 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/15 18:27:01 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/11/03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2006/11/29 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/29 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/29 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/29 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/29 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/29 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/29 06:15:12 | 000,009,728 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2001/08/17 13:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 21:17:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/09 16:59:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 21:17:08 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/09 16:59:01 | 000,000,000 | ---D | M]

[2010/05/13 22:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Extensions
[2011/07/06 16:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kit\Application Data\Mozilla\Firefox\Profiles\s1ens1eg.default\extensions
[2011/07/09 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/05 20:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/09 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/09 16:51:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/28 21:17:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/09 16:51:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/24 18:14:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Kit\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} http://67.226.179.171/DvrOcx.cab (Dvr Net 8116)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271629350126 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271629343266 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kit\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 06:11:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/09 17:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\New Folder
[2011/07/09 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/09 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/07 18:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/07 18:04:22 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Kit\Desktop\esetsmartinstaller_enu.exe
[2011/07/06 16:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Application Data\Malwarebytes
[2011/07/06 16:40:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 16:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/06 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/06 16:40:20 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 16:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/06 16:39:14 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kit\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/06 16:06:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 16:05:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2011/07/06 16:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/06 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/06 16:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/06 16:02:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kit\Desktop\erunt-setup.exe
[2011/07/04 14:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\GMER
[2011/07/04 13:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\OTL
[2011/06/30 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\test
[2011/06/30 16:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MKVtoolnix
[2011/06/30 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011/06/30 16:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\temp
[2011/06/21 21:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\DDS
[2011/06/21 21:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kit\Start Menu\Programs\Administrative Tools
[2011/06/21 13:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Local Settings\Application Data\Temp
[2011/06/20 18:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Desktop\POTC DLC
[2011/06/11 21:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kit\Application Data\mkvtoolnix

========== Files - Modified Within 30 Days ==========

[2011/07/09 17:00:41 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/09 17:00:41 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/09 16:59:01 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/09 16:56:47 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 16:56:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 22:01:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/07 18:04:32 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Kit\Desktop\esetsmartinstaller_enu.exe
[2011/07/07 17:47:29 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\Plus World.lnk
[2011/07/06 21:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/06 16:40:24 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 16:39:25 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kit\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/06 16:06:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kit\Desktop\OTL.exe
[2011/07/06 16:03:31 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/06 16:03:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\NTREGOPT.lnk
[2011/07/06 16:03:18 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\ERUNT.lnk
[2011/07/06 16:02:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kit\Desktop\erunt-setup.exe
[2011/07/04 19:44:58 | 000,298,539 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\433654_1306332405SS4Y.rar
[2011/06/30 16:59:40 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 15:52:41 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/29 15:31:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kit\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/23 22:45:05 | 000,014,167 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:48 | 000,063,544 | ---- | M] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/06/16 16:53:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/07/09 16:59:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/09 16:59:01 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/07 17:47:29 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\Plus World.lnk
[2011/07/06 16:40:24 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 16:03:31 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Kit\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/06 16:03:18 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\NTREGOPT.lnk
[2011/07/06 16:03:18 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\ERUNT.lnk
[2011/07/04 19:44:58 | 000,298,539 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\433654_1306332405SS4Y.rar
[2011/06/23 22:45:05 | 000,014,167 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\The_Passion_of_the_Christ_2004_HDRip_XviD_BMDru_chs.zip
[2011/06/23 22:44:47 | 000,063,544 | ---- | C] () -- C:\Documents and Settings\Kit\Desktop\1_12801268272E75.zip
[2011/06/21 21:38:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kit\defogger_reenable
[2011/02/14 21:16:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHS.dll
[2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\WINDOWS\System32\RM_DVRNET_DLL.dll
[2010/12/25 13:12:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/24 15:10:46 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/24 15:10:46 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/24 15:10:46 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/24 15:10:46 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/24 15:10:46 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/24 15:10:46 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/24 15:10:46 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/24 15:10:46 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/24 15:10:46 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/24 15:10:46 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/24 15:10:46 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/24 15:10:46 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/24 15:10:46 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/24 15:10:46 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/24 15:08:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw8b.bin
[2010/12/24 15:07:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV30V300.ini
[2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK.dll
[2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxTRK(KNOWLEDGE).dll
[2010/09/26 15:48:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxESP.dll
[2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxFRA.dll
[2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxRUS.dll
[2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTB.dll
[2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPTG.dll
[2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxDEU.dll
[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxCHT.dll
[2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxPLK.dll
[2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\DvrOcxITA.dll
[2010/04/22 19:37:35 | 000,077,065 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/04/19 19:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/18 19:32:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/15 15:58:34 | 000,229,442 | ---- | C] () -- C:\WINDOWS\System32\winpubf.dll
[2010/01/15 15:58:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvrfs.dll
[2008/09/01 17:35:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/09/01 17:09:17 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/01 17:09:17 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/01 17:09:17 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/01 17:09:17 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/01 17:09:17 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/28 22:15:33 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Kit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/22 23:43:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/18 22:03:55 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/08/18 22:03:55 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/08/18 22:03:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/18 22:03:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/08/15 18:21:52 | 000,031,454 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/08/15 18:21:52 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/08/15 17:50:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/15 17:38:16 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mfpd.ini
[2008/08/15 17:23:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/04/29 21:55:27 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/04/29 21:53:42 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/04/29 21:52:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/29 21:52:49 | 000,011,617 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/29 21:52:40 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/29 06:13:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/29 06:09:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/29 01:52:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/29 01:49:24 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/13 15:19:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007/01/03 18:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 17:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

========== LOP Check ==========

[2008/08/15 18:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/04/06 23:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/02/27 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2008/09/01 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/07/07 17:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/09/01 17:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/09/01 17:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/08/25 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\ACD Systems
[2011/06/30 16:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Aegisub
[2008/08/18 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\DataCast
[2010/12/24 16:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Epson
[2011/05/07 11:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\facemoods.com
[2011/02/27 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\GetRight
[2011/06/11 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\mkvtoolnix
[2010/04/18 18:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\Ulead Systems
[2011/06/30 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kit\Application Data\uTorrent

========== Purity Check ==========



< End of report >

#12 etavares

Posted 09 July 2011 - 04:28 PM

Hello, tooproforyou.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the Posted Image icon to start the program.
  • Then, click the big Posted Image button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.



Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  • Go to Start --> All Programs --> Accessories --> System Tools --> System Restore.
  • Select Create a Restore Point and click Next.
  • Give the restore point a name and press create.
  • You'll see it work, then say that it was created successfully. Click Close.


Now, we need to remove the old, infected points using DiskCleanup.
  • Click on Start --> Run.
  • Type in cleanmgr into the run box and hit OK.
  • Select C: and press OK
  • Select the More Options tab.
  • Click on Clean up in the System Restore section.
  • Click OK.
  • You'll get a couple of prompts asking if you're sure you want to do this, select Yes and OK for them.
  • Disk cleanup will remove the old restore points that included the malware.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 tooproforyou

Posted 11 July 2011 - 05:13 PM

Thank you very much etavares ! ! !

#14 etavares

Posted 11 July 2011 - 09:47 PM

You're welcome!




#15 etavares

Posted 15 July 2011 - 03:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

