Infected with TDSS-Search Engine Results Pages Keep Redirecting



#1 myxlplyxx


Posted 28 October 2011 - 07:20 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bobby at 21:04:10 on 2011-10-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1199 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111010150527.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\bobby\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WindowsVerifierTray] rundll32.exe "c:\documents and settings\all users\application data\WindowsVerifierTray.dll",DllRegisterServer
uRun: [Vyequvarukururul] rundll32.exe "c:\windows\t3smspx.dll",Startup
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [CanonUpdate] c:\documents and settings\bobby\application data\canon\canonupdate\Canonupdt32.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188353667421
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6028/mcfscan.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://extranet.flintcorp.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
TCP: DhcpNameServer = 68.12.16.25 68.12.16.30
TCP: Interfaces\{24ABB9D6-B10A-49D7-B2CB-16239DE26478} : DhcpNameServer = 68.12.16.25 68.12.16.30
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2y2qf0r6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\bobby\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\bobby\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\bobby\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-9-2 8192]
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-10-2 64048]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 461864]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-5-24 137728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-2 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-10-2 54776]
R1 NEOFLTR_710_18193;Juniper Networks TDI Filter Driver (NEOFLTR_710_18193);c:\windows\system32\drivers\NEOFLTR_710_18193.SYS [2011-7-14 84336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-9-2 304128]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-9 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-2 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-2 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-2 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-8-29 37376]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-2 57432]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2010-7-18 3039536]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-2 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-2 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-2 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-2 83688]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
S2 0182501319744772mcinstcleanup;McAfee Application Installer Cleanup (0182501319744772);c:\windows\temp\018250~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\018250~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-6-25 25832]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-2 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-2 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-28 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-19 14:35:44 -------- d-----w- c:\documents and settings\bobby\application data\SUPERAntiSpyware.com
2011-10-19 14:30:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 14:30:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-19 04:39:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 04:39:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 21:05:52 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-02 21:05:44 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-02 21:05:38 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 21:05:19 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-02 21:04:09 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2011-10-02 21:04:07 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-02 21:03:59 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-02 21:03:59 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-02 21:03:59 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-02 21:03:59 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-02 21:03:59 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-02 21:03:59 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-02 21:03:59 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-02 21:03:54 -------- d-----w- c:\program files\McAfee.com
2011-10-02 20:51:27 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-02 20:07:22 -------- d-----w- c:\documents and settings\bobby\local settings\application data\NPE
2011-10-02 20:02:31 -------- d-----w- C:\cleanup
.
==================== Find3M ====================
.
2011-10-02 21:16:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-15 14:44:18 0 ---ha-w- c:\documents and settings\bobby\uwquubofan.tmp
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-04 22:34:53 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-04 22:34:53 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-04 22:19:17 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 21:06:05.71 ===============

GMER Scan Results

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 07:18:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620AS rev.3.AAE
Running: 3u0pbrim.exe; Driver: C:\DOCUME~1\Bobby\LOCALS~1\Temp\fwldafog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB7E85290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7E852A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7E852D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7E85326]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7E8527C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7E85254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7E85268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7E852BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB7E852FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7E852E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7E85350]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7E8533C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7E85310]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7E85314 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B7E8532A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B7E85340 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B7E85300 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B7E85258 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B7E8526C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 3 Bytes JMP B7E85354 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess + 4 805D29E6 1 Byte [37]
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B7E852EA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B7E852BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B7E85294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B7E852A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B7E852D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B7E85280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6DB73A0, 0x5CC259, 0xE8000020]
? C:\DOCUME~1\Bobby\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\System32\svchost.exe[520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B80014
.text C:\WINDOWS\System32\svchost.exe[520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B30000
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B30067
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B30056
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B30F72
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B30F83
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B30FAF
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B30F15
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B30F3C
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B30089
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B30EFA
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B30ED5
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B30F94
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B3001B
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B30F4D
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B30FCA
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B30FDB
.text C:\WINDOWS\System32\svchost.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B30078
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B2002C
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B20F91
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B2001B
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B20FB6
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B20058
.text C:\WINDOWS\System32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B20047
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B9004C
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90FC1
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FD2
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90031
.text C:\WINDOWS\System32\svchost.exe[520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FE3
.text C:\WINDOWS\system32\SearchIndexer.exe[836] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FB0FD4
.text C:\WINDOWS\system32\services.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA008E
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0073
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0058
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0047
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0FAF
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA00AB
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0F63
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA00DA
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0F37
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA0F26
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F74
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\services.exe[1224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA0F48
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01040040
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01040065
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0104001B
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01040FE5
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01040F9E
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01040000
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01040FAF
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [24, 89] {AND AL, 0x89}
.text C:\WINDOWS\system32\services.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01040FCA
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01030FAB
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!system 77C293C7 5 Bytes JMP 01030036
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01030000
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01030FEF
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01030011
.text C:\WINDOWS\system32\services.exe[1224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01030FC6
.text C:\WINDOWS\system32\services.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0102000A
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE0025
.text C:\WINDOWS\system32\lsass.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F77
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F88
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0FA3
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD006C
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0091
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F55
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00C7
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0F24
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0F13
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0051
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F66
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0040
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD002F
.text C:\WINDOWS\system32\lsass.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD00A2
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01120FDB
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0112006C
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01120036
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0112001B
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01120051
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01120000
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01120FAF
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [32, 89]
.text C:\WINDOWS\system32\lsass.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01120FCA
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0111003D
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 01110022
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01110011
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01110FE3
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01110FB2
.text C:\WINDOWS\system32\lsass.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01110000
.text C:\WINDOWS\system32\lsass.exe[1236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E70000
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E7001B
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E60062
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E60051
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E60040
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E6002F
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E60F9E
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E60F35
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E60F52
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E600C7
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E600A2
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E60F13
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E60F8D
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E60FE5
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E6007D
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E60FAF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E60FD4
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E60F24
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F68
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0F79
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F8D
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0022
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FC6
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FE3
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D9001E
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D800A7
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80FB2
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D80080
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D8006F
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D80FC3
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D80F69
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80F7A
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D800E7
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D80F44
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D80F33
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80054
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80F97
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D8002F
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D80FDE
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D800C2
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0047
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0F9E
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC002C
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0FC0
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0FDB
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0064
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0049
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0038
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB000C
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0FD9
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB001D
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA000A
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01990000
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0199001B
.text C:\WINDOWS\System32\svchost.exe[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01990FEF
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01980FEF
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0198004A
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01980039
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01980F5F
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01980F86
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01980FA8
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01980F1A
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0198006C
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019800A9
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0198008E
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01980EF5
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01980F97
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01980FDE
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0198005B
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01980FC3
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01980014
.text C:\WINDOWS\System32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0198007D
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02CC0FA8
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02CC0F61
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02CC0FB9
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02CC0FD4
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02CC0014
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02CC0FEF
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02CC0F72
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 8A]
.text C:\WINDOWS\System32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02CC0F8D
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02920049
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 02920FBE
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0292001D
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0292000C
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02920038
.text C:\WINDOWS\System32\svchost.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02920FE3
.text C:\WINDOWS\System32\svchost.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 019B0000
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 019A0000
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 019A001B
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 019A0FE5
.text C:\WINDOWS\System32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 019A0036
.text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00790FEF
.text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0079000A
.text C:\WINDOWS\System32\svchost.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00790FD4
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780F4B
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F66
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F83
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780040
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0078002F
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780065
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F1D
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800B6
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0078009B
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800D1
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FA8
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FE5
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F3A
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FB9
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FCA
.text C:\WINDOWS\System32\svchost.exe[1716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780080
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0FC3
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C0065
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007C004A
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007C002F
.text C:\WINDOWS\System32\svchost.exe[1716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007C0FB2
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0038
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B0FAD
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0027
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0FD2
.text C:\WINDOWS\System32\svchost.exe[1716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0000
.text C:\WINDOWS\System32\svchost.exe[1716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D00C6
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D00B5
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D009A
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D007D
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0062
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D0FA5
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0FB6
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D012D
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0108
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D013E
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0FDB
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D00E1
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D003D
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D002C
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F94
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A10036
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A1007D
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A1006C
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A10FD4
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C1, 88]
.text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A10051
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A0002C
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00FA1
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A00FC6
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FE3
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910000
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091002C
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091001B
.text C:\WINDOWS\System32\svchost.exe[1936] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900080
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F8B
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090006F
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900FB2
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900040
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900091
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F55
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009000D1
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009000B6
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00900F13
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900FC3
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F70
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900F38
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EE0FCA
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EE0058
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EE0025
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EE000A
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EE0047
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EE0036
.text C:\WINDOWS\System32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EE0FAF
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00ED0069
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00ED004E
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00ED0FEF
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00ED000C
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00ED0FDE
.text C:\WINDOWS\System32\svchost.exe[1936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00ED0029
.text C:\WINDOWS\System32\svchost.exe[1936] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1936] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[1936] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 0092002F
.text C:\WINDOWS\System32\svchost.exe[1936] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 0092004A
.text C:\WINDOWS\System32\svchost.exe[1936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930000
.text C:\WINDOWS\Explorer.EXE[2920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\Explorer.EXE[2920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090025
.text C:\WINDOWS\Explorer.EXE[2920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0009000A
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B00B5
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0090
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0069
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0047
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00D7
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F9B
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0117
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0106
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0132
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0058
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0011
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B00C6
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FDB
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B002C
.text C:\WINDOWS\Explorer.EXE[2920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F7E
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F83
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0025
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A004A
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FA8
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\Explorer.EXE[2920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B004C
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0FB7
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0FD2
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0027
.text C:\WINDOWS\Explorer.EXE[2920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\Explorer.EXE[2920] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\Explorer.EXE[2920] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 002D0000
.text C:\WINDOWS\Explorer.EXE[2920] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 002D0011
.text C:\WINDOWS\Explorer.EXE[2920] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 002D002C
.text C:\WINDOWS\Explorer.EXE[2920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FC0FE5
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0014000A
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00140FE5
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0014001B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0027008E
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270073
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F8F
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270058
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027003D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700BC
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F74
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F2D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F3E
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F12
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB6
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270011
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027009F
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FD1
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270022
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F4F
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB2
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360043
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FCD
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FDE
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360032
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360F86
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360FA1
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370FC3
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FDE
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037003A
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0037000C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370029
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01EB0FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01EB0FD4
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01EB0FC3
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01EB0014
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3432] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02730FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00170028
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateKey + 6 7C90D0F4 4 Bytes [68, 01, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateKey + B 7C90D0F9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateMutant + 6 7C90D114 4 Bytes [28, 02, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateMutant + B 7C90D119 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00140014
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateSection + 6 7C90D184 4 Bytes [68, 02, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtCreateSection + B 7C90D189 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [A8, 04, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenKey + 6 7C90D5D4 4 Bytes [A8, 01, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenKey + B 7C90D5D9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenMutant + 6 7C90D5E4 4 Bytes CALL 7B90ECEA
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenMutant + B 7C90D5E9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcess + 6 7C90D604 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [28, 03, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes [68, 03, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [28, 04, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenSection + 6 7C90D634 4 Bytes [A8, 02, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenSection + B 7C90D639 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes CALL 7B90ED6B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes CALL 7B90ED7C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes [68, 04, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00140FDE
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [A8, 03, 17, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes CALL 7B90F61D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00290FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00290F68
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00290067
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0029004A
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00290F97
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00290FB9
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0029008C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00290F3A
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002E00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002E00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateEventW 7C80A749 5 Bytes JMP 002E0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002900B8
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00290FA8
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 002E0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00290FDE
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!OpenEventW 7C8131E0 5 Bytes JMP 002E0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00290F57
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0029002F
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0029001E
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0029009D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!RegisterClipboardFormatA 7E418E28 5 Bytes JMP 003D02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!RegisterClipboardFormatW 7E41AF34 5 Bytes JMP 003D02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 003D0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!ActivateKeyboardLayout 7E428673 5 Bytes JMP 003D04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!IsClipboardFormatAvailable 7E42F166 5 Bytes JMP 003D00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardSequenceNumber 7E42F17A 2 Bytes JMP 003D0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardSequenceNumber + 3 7E42F17D 2 Bytes [FA, 81]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!CloseClipboard 7E430265 5 Bytes JMP 003D00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!OpenClipboard 7E430277 5 Bytes JMP 003D0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!SetClipboardViewer 7E430473 5 Bytes JMP 003D04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!ChangeClipboardChain 7E430487 5 Bytes JMP 003D0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!EmptyClipboard 7E430D96 5 Bytes JMP 003D0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardOwner 7E430DA8 5 Bytes JMP 003D0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003D0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 003D0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardFormatNameA 7E431290 5 Bytes JMP 003D0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!CountClipboardFormats 7E43167F 5 Bytes JMP 003D01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetOpenClipboardWindow 7E431691 5 Bytes JMP 003D03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!EnumClipboardFormats 7E43E53D 5 Bytes JMP 003D01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardFormatNameW 7E45957F 5 Bytes JMP 003D0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetClipboardViewer 7E46CB94 5 Bytes JMP 003D0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] USER32.dll!GetPriorityClipboardFormat 7E46CC96 5 Bytes JMP 003D03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 003E0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SelectObject 77F15B70 5 Bytes JMP 003E05B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetTextColor 77F15D77 5 Bytes JMP 003E0970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetBkMode 77F15EDB 5 Bytes JMP 003E0830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!IntersectClipRect 77F16A56 5 Bytes JMP 003E03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetClipBox 77F16AA1 5 Bytes JMP 003E0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!DeleteObject 77F16BFA 5 Bytes JMP 003E01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003E0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!ExtSelectClipRgn 77F17874 5 Bytes JMP 003E02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SelectClipRgn 77F17AA0 5 Bytes JMP 003E0570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetTextMetricsW 77F17DB9 5 Bytes JMP 003E0D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 003E08B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetStretchBltMode 77F18597 5 Bytes JMP 003E05F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!RestoreDC 77F18B28 5 Bytes JMP 003E04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SaveDC 77F18BEE 5 Bytes JMP 003E0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetTextAlign 77F18C8B 5 Bytes JMP 003E0930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!MoveToEx 77F1A21A 5 Bytes JMP 003E0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetTextFaceW 77F1A5CB 5 Bytes JMP 003E0C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!StretchDIBits 77F1B0AE 2 Bytes JMP 003E06B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!StretchDIBits + 3 77F1B0B1 2 Bytes [4C, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetWorldTransform 77F1B457 5 Bytes JMP 003E0630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003E00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003E00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!ExtEscape 77F1C3CC 5 Bytes JMP 003E02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 003E0870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!LineTo 77F1D997 5 Bytes JMP 003E03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetTextMetricsA 77F1DF45 5 Bytes JMP 003E0CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetICMMode 77F1E868 5 Bytes JMP 003E0CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!Rectangle 77F1E9BE 5 Bytes JMP 003E08F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetFontData 77F1F314 5 Bytes JMP 003E0BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetTextFaceA 77F1F365 5 Bytes JMP 003E0C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetPolyFillMode 77F20817 5 Bytes JMP 003E0A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SetMiterLimit 77F20E8E 5 Bytes JMP 003E0AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!Escape 77F26F5A 5 Bytes JMP 003E0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!ResetDCW 77F2B9AF 5 Bytes JMP 003E09F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!CreateICW 77F2C813 5 Bytes JMP 003E0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!BeginPath 77F2D4B0 5 Bytes JMP 003E0770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!EndPath 77F2D530 5 Bytes JMP 003E09B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!SelectClipPath 77F2D5B7 5 Bytes JMP 003E0A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!EndPage 77F2DC61 5 Bytes JMP 003E0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!EndDoc 77F2DEF1 5 Bytes JMP 003E01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!PolyBezierTo 77F2EBD1 5 Bytes JMP 003E0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!PolylineTo 77F2EC7E 5 Bytes JMP 003E04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!CloseFigure 77F2ED1A 5 Bytes JMP 003E0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!StartPage 77F2F49E 5 Bytes JMP 003E0670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!RemoveFontResourceW 77F3D07C 5 Bytes JMP 003E0B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!GetGlyphOutlineW 77F3E6D1 5 Bytes JMP 003E0BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 003E0B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!CreateScalableFontResourceW 77F40160 5 Bytes JMP 003E0AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!AbortDoc 77F44CD2 5 Bytes JMP 003E0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 003E0730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!StrokePath 77F460B7 5 Bytes JMP 003E06F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!FillPath 77F46144 5 Bytes JMP 003E07B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] GDI32.dll!PolyDraw 77F4667B 5 Bytes JMP 003E07F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 003F0047
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 003F0073
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 003F002C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 003F001B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 003F0058
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 003F000A
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 003F0FC0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5F, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 003F0FDB
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00890FA6
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00890027
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00890FC1
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890016
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00890FD2
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ole32.dll!OleSetClipboard 775477E8 5 Bytes JMP 008A0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 01E20000
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 01E20FEF
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 01E20FDE
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 01E20FCD
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3560] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01EB0000
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3972] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0121FAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_710_18193.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_710_18193.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_710_18193.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_710_18193.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)
Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsNT5.x)/ahead software)

---- EOF - GMER 1.0.15 ----



#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 28 October 2011 - 05:04 PM

Good evening. :)

Download CKScanner by askey127 from here and save it to your Desktop.

  • Double click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • Please copy and paste the contents of CKFiles.txt into your next reply.

So long, and thanks for all the fish.

 

 


#3 myxlplyxx

  • Topic Starter
  • Members
  • 15 posts

Posted 28 October 2011 - 11:24 PM

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\all users\documents\duke\duke3d\autoload\duke3d.grp\highres\sprites\firstperson\2324_crackknuckles.md2
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\01 double dare.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\02 in the flat field.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\03 the passion of lovers.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\04 bela lugosi's dead.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\05 the sanity assassin.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\06 she's in parties [edit].m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\07 silent hedges.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\08 hollow hills.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\09 mask.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\10 kick in the eye [alternate versio.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\11 ziggy stardust.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\12 dark entries.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\13 terror couple kill colonel.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\14 spirit [alternate version].m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\15 burning from the inside.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\bauhaus\crackle\16 crowds.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\01 waltz of the flowers.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\02 pas de deux.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\03 spanish chocolate dance.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\04 arabian coffee dance.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\05 chinese tea dance.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\06 dance of the toy flutes.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\07 russian trepack dance.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\08 clown.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\09 grandfather dance.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\berlin symphony orchestra\nutcracker\10 track 10.m4a
c:\documents and settings\bobby\my documents\my music\itunes\itunes music\stone temple pilots\core\11 crackerman.m4a
c:\program files\activision\call of duty - black ops\zone\common\mp_cracked.ff
c:\program files\activision\call of duty - black ops\zone\english\en_mp_cracked.ff
scanner sequence 3.ZZ.11.GBAPTC
----- EOF -----

#4 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 29 October 2011 - 03:12 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

 

 


#5 myxlplyxx


Posted 29 October 2011 - 05:59 PM

Attached file: Startup Error Messages.JPG

Okay.. here's a short description about how the computer is performing. Hangs or pauses when starting browsers, movie files are slow to start, and I am receiving some rundll errors at startup as well as a "desktop.ini" notepad document that opens on startup. See attached JPG for a pic of the startup screen. I have tried to limit my internet activity since my initial post and during our correspondence. McAfee viruscan has been re-enabled, although it doesn't seem to do much except charge my credit card annually. I have not updated Adobe or Java since I started having the problems.

Here is the combofix log

ComboFix 11-10-29.05 - Bobby 10/29/2011 16:52:23.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1106 [GMT -5:00]
Running from: c:\documents and settings\Bobby\Desktop\k4m60F1x.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\chrome.manifest
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\chrome\xulcache.jar
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\defaults\preferences\xulcache.js
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\install.rdf
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}\chrome.manifest
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}\chrome\xulcache.jar
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}\defaults\preferences\xulcache.js
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}\install.rdf
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\chrome.manifest
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\chrome\xulcache.jar
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\defaults\preferences\xulcache.js
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\install.rdf
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}\chrome.manifest
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}\chrome\xulcache.jar
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}\defaults\preferences\xulcache.js
c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}\install.rdf
c:\documents and settings\Bobby\GoToAssistDownloadHelper.exe
c:\documents and settings\Bobby\uwquubofan.tmp
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-19 14:35 . 2011-10-19 14:35 -------- d-----w- c:\documents and settings\Bobby\Application Data\SUPERAntiSpyware.com
2011-10-19 14:30 . 2011-10-19 14:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 14:30 . 2011-10-19 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-19 04:39 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 04:39 . 2011-10-19 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 21:05 . 2011-10-02 21:05 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-02 21:05 . 2010-04-14 01:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-02 21:05 . 2011-10-02 21:05 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-02 21:05 . 2011-04-11 19:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-02 21:04 . 2011-10-06 21:42 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-10-02 21:04 . 2011-08-15 15:00 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-02 21:03 . 2011-08-15 15:00 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-02 21:03 . 2011-08-15 15:00 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-02 21:03 . 2011-08-15 15:00 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-02 21:03 . 2011-08-15 15:00 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-02 21:03 . 2011-08-15 15:00 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-02 21:03 . 2011-08-15 15:00 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-02 21:03 . 2011-08-15 15:00 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-02 21:03 . 2011-10-02 21:03 -------- d-----w- c:\program files\McAfee.com
2011-10-02 20:51 . 2011-08-19 20:59 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-02 20:07 . 2011-10-02 20:12 -------- d-----w- c:\documents and settings\Bobby\Local Settings\Application Data\NPE
2011-10-02 20:02 . 2011-10-02 21:19 -------- d-----w- C:\cleanup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 21:16 . 2011-06-17 00:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41 . 2007-10-09 19:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2002-09-23 20:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2001-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 23:48 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2001-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2001-08-18 12:00 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-08-15 15:00 . 2011-03-13 16:20 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00 . 2011-03-13 16:20 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-30 02:24 . 2011-09-13 03:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-22 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"InCD"="c:\program files\ahead\InCD\InCD.exe" [2002-01-15 897024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Documents and Settings\\Bobby\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"c:\\Documents and Settings\\Guest\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\Bobby\\My Documents\\My Downloads\\utorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Dead Space.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\reinstall\\Steam.exe"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\duke nukem forever\\System\\DukeForever.exe"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\doom 2\\doom2 + mouse.bat"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\doom 2\\doom2.bat"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\myxlplyxxx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\reinstall\\steamapps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8219:TCP"= 8219:TCP:BitComet 8219 TCP
"8219:UDP"= 8219:UDP:BitComet 8219 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [9/2/2007 3:07 PM 8192]
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [10/2/2011 4:05 PM 64048]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [5/24/2007 10:35 PM 137728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/2/2011 4:03 PM 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [10/2/2011 4:05 PM 54776]
R1 NEOFLTR_710_18193;Juniper Networks TDI Filter Driver (NEOFLTR_710_18193);c:\windows\system32\drivers\NEOFLTR_710_18193.SYS [7/14/2011 9:38 PM 84336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [9/2/2007 3:07 PM 304128]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6/25/2011 6:18 PM 25832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 4:03 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 4:03 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 4:03 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/2/2011 4:04 PM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/2/2011 3:51 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [8/29/2007 7:41 PM 37376]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/2/2011 4:03 PM 57432]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [7/18/2010 9:25 PM 3039536]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/2/2011 4:03 PM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/2/2011 4:03 PM 83688]
S1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [12/27/2007 10:23 PM 64160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 10:44 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/3/2008 11:42 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 10:44 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/2/2011 4:03 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/2/2011 4:03 PM 87808]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/18/2001 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 03:44]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 03:44]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-436374069-839522115-1004Core.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-13 13:12]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-436374069-839522115-1004UA.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-13 13:12]
.
2007-12-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2011-10-29 c:\windows\Tasks\User_Feed_Synchronization-{F2A07934-D492-4F44-81A9-967B2B1B5933}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 68.12.16.25 68.12.16.30
FF - ProfilePath - c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-WindowsVerifierTray - c:\documents and settings\All Users\Application Data\WindowsVerifierTray.dll
HKCU-Run-Vyequvarukururul - c:\windows\t3smspx.dll
HKCU-Run-CanonUpdate - c:\documents and settings\Bobby\Application Data\Canon\CanonUpdate\Canonupdt32.exe
HKLM-Run-UVS12 Preload - c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Call of Duty - e:\progra~1\CALLOF~1\Uninstall\Unwise.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-GameSpy Arcade - e:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-nwcscript - c:\program files\steam\steamapps\myxlplyxxx\uninst-nwcscript.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 17:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-436374069-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\HMIPCore.dll
.
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\System32\NOTEPAD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-29 17:40:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-29 22:40
ComboFix2.txt 2010-08-19 19:48
ComboFix3.txt 2010-07-11 06:24
.
Pre-Run: 24,366,317,568 bytes free
Post-Run: 24,871,895,040 bytes free
.
- - End Of File - - D5A8B2AAE98870E042F7ED48B7CC06E6

#6 myxlplyxx


Posted 29 October 2011 - 06:01 PM

POINT OF INFORMATION!! Was having the RUNDLL errors and the Desktop.ini issues prior to starting help sessions on BleepingComputer or running COMBOFIX!

...just sayin'

#7 Noviciate


Posted 30 October 2011 - 02:40 PM

Good evening. :)

OK, you need to be clear about any issues you are having with your PC rather than delivering them piecemeal. It may make a difference to how I approach the problems your PC has. If I don't know, I can't take them into account, and that may not work out to your advantage.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#8 myxlplyxx


Posted 30 October 2011 - 06:30 PM

OTL logfile created on: 10/30/2011 4:08:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.41% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 23.19 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1259.18 Gb Free Space | 67.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 101.93 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Computer Name: MAINTENANCE | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 16:05:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.scr
PRC - [2011/10/06 16:41:16 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/25 18:18:26 | 000,025,832 | ---- | M] (BioWare) -- c:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
PRC - [2011/04/08 13:59:50 | 000,419,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/03/09 05:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/19 21:38:22 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2007/04/19 21:29:56 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2007/04/19 21:29:44 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2007/04/19 21:24:50 | 001,169,744 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2002/01/15 08:55:30 | 000,897,024 | ---- | M] (Copyright © ahead software gmbh and its licensors) -- C:\Program Files\ahead\InCD\InCD.exe
PRC - [1997/08/19 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997/08/19 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/13 03:19:42 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 03:19:36 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 03:19:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 03:19:25 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 03:19:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/26 01:12:26 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/06/25 12:27:25 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/04/13 20:11:16 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll
MOD - [2009/07/30 20:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2007/04/19 20:15:06 | 000,050,720 | ---- | M] () -- C:\Program Files\Common Files\Seagate\Common\gc.dll
MOD - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2006/11/10 03:25:38 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2002/01/17 10:20:14 | 000,450,560 | ---- | M] () -- C:\Program Files\ahead\InCD\Res.dll
MOD - [1997/08/19 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/08/19 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1997/08/19 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/10/06 16:41:16 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/25 18:18:26 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- c:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/07/06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Running] -- C:\Program Files\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/09/05 11:43:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/04/19 21:29:44 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/15 10:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/08/15 10:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/08/15 10:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/08/15 10:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/15 10:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/08/15 10:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/08/15 10:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/08/15 10:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/08/15 10:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/08/15 10:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/25 07:29:24 | 000,084,336 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_710_18193.SYS -- (NEOFLTR_710_18193) Juniper Networks TDI Filter Driver (NEOFLTR_710_18193)
DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/06 06:40:10 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/27 22:23:10 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_12507.sys -- (NEOFLTR_600_12507) Juniper Networks TDI Filter Driver (NEOFLTR_600_12507)
DRV - [2007/08/28 22:37:01 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/08/28 22:37:01 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/08/28 22:36:58 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/24 22:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2007/03/26 06:21:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/18 14:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 05:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/01/15 08:57:42 | 000,304,128 | ---- | M] (ahead software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2001/12/20 19:00:00 | 000,008,192 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 E8 FD 9E AD 20 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5C 86 CC 01 19 DA EE 4D 97 83 E1 6C 18 64 B9 1B [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Bobby\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Bobby\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Bobby\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bobby\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bobby\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4E2F94C7-0985-41DA-B3CC-665C44BC46FE}: C:\Documents and Settings\Bobby\Local Settings\Application Data\{4E2F94C7-0985-41DA-B3CC-665C44BC46FE} [2011/09/25 16:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/10/04 18:16:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/10/29 17:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 21:24:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Bobby\Application Data\Move Networks [2009/10/04 13:30:56 | 000,000,000 | ---D | M]

[2011/09/12 22:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Extensions
[2011/10/29 17:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions
[2011/09/12 22:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 17:21:23 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/10/04 18:16:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/09/29 21:24:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/27 23:50:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Bobby\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/10/29 17:32:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111010150527.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe (Copyright © ahead software gmbh and its licensors)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188353667421 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6028/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://extranet.flintcorp.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.12.16.25 68.12.16.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24ABB9D6-B10A-49D7-B2CB-16239DE26478}: DhcpNameServer = 68.12.16.25 68.12.16.30
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bobby\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/28 20:55:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 16:05:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.scr
[2011/10/29 16:29:20 | 004,277,404 | R--- | C] (Swearware) -- C:\Documents and Settings\Bobby\Desktop\k4m60F1x.exe
[2011/10/19 09:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\Application Data\SUPERAntiSpyware.com
[2011/10/19 09:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/19 09:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/19 09:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/19 08:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\My Documents\LOGS
[2011/10/18 23:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/18 23:39:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/18 23:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/18 23:18:22 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\All Users\Documents\NPE.exe
[2011/10/18 23:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\tdsskiller(1)
[2011/10/14 20:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/05 22:42:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bobby\Recent
[2011/10/02 19:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\My Documents\New Folder
[2011/10/02 16:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/10/02 16:05:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2011/10/02 16:05:44 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2011/10/02 16:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2011/10/02 16:05:19 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys
[2011/10/02 16:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/02 16:05:18 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Bobby\My Documents\McAfee Vaults
[2011/10/02 16:04:07 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/10/02 16:03:59 | 000,338,040 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/10/02 16:03:59 | 000,180,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/10/02 16:03:59 | 000,089,624 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/10/02 16:03:59 | 000,087,808 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/10/02 16:03:59 | 000,083,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/10/02 16:03:59 | 000,059,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/10/02 16:03:59 | 000,057,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/10/02 16:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/10/02 15:51:27 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/10/02 15:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\Local Settings\Application Data\NPE
[2011/10/02 15:02:31 | 000,000,000 | ---D | C] -- C:\cleanup
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Bobby\Desktop\*.tmp files -> C:\Documents and Settings\Bobby\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 16:08:43 | 004,300,800 | ---- | M] () -- C:\ffastunT.ffl
[2011/10/30 16:08:43 | 002,301,952 | -H-- | M] () -- C:\ffastun.ffo
[2011/10/30 16:08:43 | 000,005,031 | -H-- | M] () -- C:\ffastun.ffa
[2011/10/30 16:08:39 | 010,346,496 | -H-- | M] () -- C:\ffastun0.ffx
[2011/10/30 16:08:39 | 004,300,800 | -H-- | M] () -- C:\ffastun.ffl
[2011/10/30 16:05:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.scr
[2011/10/30 15:30:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-436374069-839522115-1004UA.job
[2011/10/30 15:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 14:25:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/29 20:42:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2A07934-D492-4F44-81A9-967B2B1B5933}.job
[2011/10/29 20:02:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2011/10/29 17:32:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/29 17:18:07 | 001,588,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/29 17:15:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 16:45:21 | 000,222,291 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\Startup Error Messages.JPG
[2011/10/29 16:38:08 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 16:30:13 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-436374069-839522115-1004Core.job
[2011/10/29 16:29:35 | 004,277,404 | R--- | M] (Swearware) -- C:\Documents and Settings\Bobby\Desktop\k4m60F1x.exe
[2011/10/28 23:11:32 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\CKScanner.exe
[2011/10/28 11:28:22 | 000,219,136 | ---- | M] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 09:38:02 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2011/10/19 10:08:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/19 09:30:40 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 09:26:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\db74ba48
[2011/10/18 23:40:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 23:27:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\3ba945b7
[2011/10/18 23:19:19 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\2c0ccdb2
[2011/10/18 23:18:23 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Documents\NPE.exe
[2011/10/18 10:08:38 | 000,096,858 | ---- | M] () -- C:\Documents and Settings\Bobby\My Documents\4ZGVI7HEA.wav
[2011/10/17 08:02:54 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/14 20:02:01 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/10/14 20:00:09 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/13 03:18:35 | 000,506,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 03:18:35 | 000,088,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 03:11:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 23:59:06 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/09 12:24:21 | 000,020,470 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\MVTHealthCheck_Deviation.html
[2011/10/09 12:18:11 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/10/04 15:26:09 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\Google Chrome.lnk
[2011/10/04 15:26:09 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/02 16:16:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/02 15:38:01 | 000,394,544 | ---- | M] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\census.cache
[2011/10/02 15:38:00 | 000,228,978 | ---- | M] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\ars.cache
[9 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Bobby\Desktop\*.tmp files -> C:\Documents and Settings\Bobby\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/29 19:33:17 | 004,300,800 | ---- | C] () -- C:\ffastunT.ffl
[2011/10/29 16:45:21 | 000,222,291 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\Startup Error Messages.JPG
[2011/10/28 23:11:31 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\CKScanner.exe
[2011/10/27 09:37:58 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[2011/10/27 09:37:58 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
[2011/10/19 09:30:40 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/18 23:40:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 10:08:38 | 000,096,858 | ---- | C] () -- C:\Documents and Settings\Bobby\My Documents\4ZGVI7HEA.wav
[2011/10/14 20:00:09 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/09 12:24:21 | 000,020,470 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\MVTHealthCheck_Deviation.html
[2011/10/02 16:06:17 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2011/09/15 13:50:26 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\530cb548
[2011/09/15 13:01:13 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\2c0ccdb2
[2011/09/14 23:53:28 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\3ba945b7
[2011/09/14 23:52:10 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\db74ba48
[2011/06/09 23:30:56 | 000,394,544 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\census.cache
[2011/06/09 23:30:44 | 000,228,978 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\ars.cache
[2011/01/26 22:46:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/12/18 14:26:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yrikagurin.dat
[2010/12/18 14:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nlonusolet.bin
[2010/11/04 12:17:23 | 000,212,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/07/11 00:40:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/11 00:40:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 00:40:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 00:40:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 00:40:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/10 23:04:51 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/10 23:04:49 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/10 23:04:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/06/14 21:35:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\housecall.guid.cache
[2010/04/05 22:51:11 | 000,013,486 | -HS- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\K6sEH5Ir2Is
[2010/04/05 22:51:11 | 000,013,486 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
[2010/04/03 22:55:32 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/28 23:56:53 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/21 22:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/11/28 00:39:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\fusioncache.dat
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/30 06:48:30 | 000,068,512 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/30 00:09:20 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/12/04 00:24:15 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/04 00:24:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/04 00:24:03 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/04 00:24:03 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/04 00:24:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/08/18 22:30:15 | 000,641,021 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/08/18 22:30:15 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2008/08/18 22:30:15 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\Lame_enc.dll
[2008/08/18 22:30:15 | 000,001,674 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/08/18 22:13:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/08/17 17:22:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/24 09:39:30 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\DMX.bmk
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/16 22:14:38 | 000,001,244 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/03/16 16:35:32 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/03/16 16:35:32 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\PnkBstrK.sys
[2008/03/16 16:35:16 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/03/16 16:35:15 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/03/16 16:35:14 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/03/15 16:06:24 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008/01/23 20:20:36 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/01/23 20:09:09 | 000,000,057 | ---- | C] () -- C:\WINDOWS\Taxact06.ini
[2007/10/19 22:20:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/04 11:19:06 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/01 22:05:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\$_hpcst$.hpc
[2007/08/31 16:56:46 | 000,219,136 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/31 14:37:57 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2007/08/29 22:21:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/08/29 04:48:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/29 04:47:23 | 001,588,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/28 22:03:29 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/08/28 22:00:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/08/28 22:00:12 | 000,012,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/08/28 22:00:10 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/08/28 22:00:10 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/08/28 21:27:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/08/28 20:59:04 | 000,014,504 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/08/28 20:58:56 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/08/28 20:58:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/08/28 20:58:47 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/28 20:56:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/28 20:53:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/05/31 19:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 07:00:00 | 000,506,298 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 07:00:00 | 000,088,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bobby\My Documents\Turtle Lake 2.tif:Roxio EMC Stream
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F

< End of report >

OTL Extras logfile created on: 10/30/2011 4:08:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.41% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 23.19 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1259.18 Gb Free Space | 67.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 101.93 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Computer Name: MAINTENANCE | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8219:TCP" = 8219:TCP:*:Enabled:BitComet 8219 TCP
"8219:UDP" = 8219:UDP:*:Enabled:BitComet 8219 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe" = C:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra\FEAR\fpupdate.exe" = C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\FEARMP.exe" = C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Documents and Settings\Bobby\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Bobby\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Steam\steamapps\common\doom 3\Doom3.exe" = C:\Program Files\Steam\steamapps\common\doom 3\Doom3.exe:*:Enabled:Doom 3 -- (id Software)
"C:\Program Files\Steam\steamapps\common\commander keen\testapp3.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp3.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\commander keen\testapp4.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp4.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\commander keen\testapp5.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp5.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock -- ()
"C:\Program Files\Steam\steamapps\common\doom 2\doom2.bat" = C:\Program Files\Steam\steamapps\common\doom 2\doom2.bat:*:Enabled:Doom 2 -- ()
"C:\Documents and Settings\Guest\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Guest\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Documents and Settings\Bobby\My Documents\My Downloads\utorrent.exe" = C:\Documents and Settings\Bobby\My Documents\My Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe" = C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Steam\steamapps\common\dead space\Dead Space.exe" = C:\Program Files\Steam\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
"C:\Program Files\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
"C:\Program Files\Steam\reinstall\Steam.exe" = C:\Program Files\Steam\reinstall\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\reinstall\steamapps\common\duke nukem forever\System\DukeForever.exe" = C:\Program Files\Steam\reinstall\steamapps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2 + mouse.bat" = C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2 + mouse.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2.bat" = C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Steam\reinstall\steamapps\myxlplyxxx\counter-strike source\hl2.exe" = C:\Program Files\Steam\reinstall\steamapps\myxlplyxxx\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\reinstall\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\DAOriginsLauncher.exe" = C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Ultimate Edition -- (BioWare)
"C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins - Ultimate Edition -- ()
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E6C0673-591F-4893-8E9F-3FA161C35357}" = StoneCAD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate DiscWizard
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{530FF7DA-96F1-41F9-88C0-BAFCEC963905}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF363EA8-CB9F-40EC-90E0-A46AD9C78EB0}" = Laugh, Smile & Learn™
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE8DD809-A406-40E2-AB9F-28E69E737383}" = PKZIP for Windows 9.00.0010
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AXIS Media Control" = AXIS Media Control
"CAL" = Canon Camera Access Library
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.6
"Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy DVD Rip" = Easy DVD Rip
"Easy-Hide-IP_is1" = Easy-Hide-IP 3.6
"EOS Utility" = Canon Utilities EOS Utility
"Excel" = Microsoft Excel 97
"Google Desktop" = Google Desktop
"Halo 2" = Halo 2 for Windows Vista
"HMIP50_is1" = Hide My IP 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (ahead software)
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 240" = Counter-Strike: Source
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 57900" = Duke Nukem Forever
"Steam App 7670" = BioShock
"SystemRequirementsLab" = System Requirements Lab
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Oklahoma" = TaxACT 2008 Oklahoma
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Oklahoma" = TaxACT 2009 Oklahoma
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Oklahoma" = TaxACT 2010 Oklahoma
"TaxACT Oklahoma 2007" = TaxACT Oklahoma 2007
"Total 3D Home and Landscape Deluxe Suite" = Total 3D Home and Landscape Deluxe Suite
"TrueSwitch Wizard AT&T Yahoo!" = TrueSwitch Wizard AT&T Yahoo!
"Universal Extractor_is1" = Universal Extractor 1.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VTFEdit_is1" = VTFEdit 1.2.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2011 5:00:27 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:27 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:29 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/20/2011 1:41:31 AM | Computer Name = MAINTENANCE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2812 (0xafc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.374
/ 5400.1158 Object being scanned = \Device\HarddiskVolume4\HFC CONCRETE\PHOTOS\2010\6
- October\10-8\10-8 022.jpg by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/27/2011 3:11:28 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/27/2011 3:12:08 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/27/2011 3:12:20 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 10/27/2011 10:37:03 AM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 10/27/2011 10:38:37 AM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/27/2011 10:26:16 PM | Computer Name = MAINTENANCE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/28/2011 5:46:38 AM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7034
Description = The HideMyIpSRV service terminated unexpectedly. It has done this
1 time(s).

Error - 10/28/2011 6:14:43 AM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7034
Description = The HideMyIpSRV service terminated unexpectedly. It has done this
2 time(s).

Error - 10/29/2011 5:38:53 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/29/2011 5:39:42 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12507

Error - 10/29/2011 5:41:57 PM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/29/2011 6:17:24 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12507

Error - 10/29/2011 6:34:01 PM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >

#9 myxlplyxx

Posted 30 October 2011 - 06:32 PM

OTL Extras logfile created on: 10/30/2011 4:08:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bobby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.41% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 23.19 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1259.18 Gb Free Space | 67.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 101.93 Gb Free Space | 34.19% Space Free | Partition Type: NTFS

Computer Name: MAINTENANCE | User Name: Bobby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8219:TCP" = 8219:TCP:*:Enabled:BitComet 8219 TCP
"8219:UDP" = 8219:UDP:*:Enabled:BitComet 8219 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe" = C:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra\FEAR\fpupdate.exe" = C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate -- ()
"C:\Program Files\Sierra\FEAR\FEAR.exe" = C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Program Files\Sierra\FEAR\FEARMP.exe" = C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Documents and Settings\Bobby\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Bobby\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Steam\steamapps\common\doom 3\Doom3.exe" = C:\Program Files\Steam\steamapps\common\doom 3\Doom3.exe:*:Enabled:Doom 3 -- (id Software)
"C:\Program Files\Steam\steamapps\common\commander keen\testapp3.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp3.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\commander keen\testapp4.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp4.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\commander keen\testapp5.bat" = C:\Program Files\Steam\steamapps\common\commander keen\testapp5.bat:*:Enabled:Commander Keen Complete Pack -- ()
"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock -- ()
"C:\Program Files\Steam\steamapps\common\doom 2\doom2.bat" = C:\Program Files\Steam\steamapps\common\doom 2\doom2.bat:*:Enabled:Doom 2 -- ()
"C:\Documents and Settings\Guest\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Guest\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Documents and Settings\Bobby\My Documents\My Downloads\utorrent.exe" = C:\Documents and Settings\Bobby\My Documents\My Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe" = C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Steam\steamapps\common\dead space\Dead Space.exe" = C:\Program Files\Steam\steamapps\common\dead space\Dead Space.exe:*:Enabled:Dead Space -- ()
"C:\Program Files\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\dead space\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dead Space -- ()
"C:\Program Files\Steam\reinstall\Steam.exe" = C:\Program Files\Steam\reinstall\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\reinstall\steamapps\common\duke nukem forever\System\DukeForever.exe" = C:\Program Files\Steam\reinstall\steamapps\common\duke nukem forever\System\DukeForever.exe:*:Enabled:Duke Nukem Forever -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2 + mouse.bat" = C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2 + mouse.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2.bat" = C:\Program Files\Steam\reinstall\steamapps\common\doom 2\doom2.bat:*:Enabled:DOOM II: Hell on Earth -- ()
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Steam\reinstall\steamapps\myxlplyxxx\counter-strike source\hl2.exe" = C:\Program Files\Steam\reinstall\steamapps\myxlplyxxx\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\bioshock\Builds\Release\Bioshock.exe" = C:\Program Files\Steam\reinstall\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock -- ()
"C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\DAOriginsLauncher.exe" = C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Ultimate Edition -- (BioWare)
"C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\reinstall\steamapps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins - Ultimate Edition -- ()
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E6C0673-591F-4893-8E9F-3FA161C35357}" = StoneCAD 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate DiscWizard
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{530FF7DA-96F1-41F9-88C0-BAFCEC963905}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF363EA8-CB9F-40EC-90E0-A46AD9C78EB0}" = Laugh, Smile & Learn™
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE8DD809-A406-40E2-AB9F-28E69E737383}" = PKZIP for Windows 9.00.0010
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AXIS Media Control" = AXIS Media Control
"CAL" = Canon Camera Access Library
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.6
"Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy DVD Rip" = Easy DVD Rip
"Easy-Hide-IP_is1" = Easy-Hide-IP 3.6
"EOS Utility" = Canon Utilities EOS Utility
"Excel" = Microsoft Excel 97
"Google Desktop" = Google Desktop
"Halo 2" = Halo 2 for Windows Vista
"HMIP50_is1" = Hide My IP 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD (ahead software)
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 240" = Counter-Strike: Source
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 57900" = Duke Nukem Forever
"Steam App 7670" = BioShock
"SystemRequirementsLab" = System Requirements Lab
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Oklahoma" = TaxACT 2008 Oklahoma
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Oklahoma" = TaxACT 2009 Oklahoma
"TaxACT 2010" = TaxACT 2010
"TaxACT 2010 Oklahoma" = TaxACT 2010 Oklahoma
"TaxACT Oklahoma 2007" = TaxACT Oklahoma 2007
"Total 3D Home and Landscape Deluxe Suite" = Total 3D Home and Landscape Deluxe Suite
"TrueSwitch Wizard AT&T Yahoo!" = TrueSwitch Wizard AT&T Yahoo!
"Universal Extractor_is1" = Universal Extractor 1.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VTFEdit_is1" = VTFEdit 1.2.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2011 5:00:27 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:27 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:28 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/18/2011 5:00:29 AM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/20/2011 1:41:31 AM | Computer Name = MAINTENANCE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2812 (0xafc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.374
/ 5400.1158 Object being scanned = \Device\HarddiskVolume4\HFC CONCRETE\PHOTOS\2010\6
- October\10-8\10-8 022.jpg by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/27/2011 3:11:28 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/27/2011 3:12:08 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/27/2011 3:12:20 PM | Computer Name = MAINTENANCE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 10/27/2011 10:37:03 AM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 10/27/2011 10:38:37 AM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/27/2011 10:26:16 PM | Computer Name = MAINTENANCE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/28/2011 5:46:38 AM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7034
Description = The HideMyIpSRV service terminated unexpectedly. It has done this
1 time(s).

Error - 10/28/2011 6:14:43 AM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7034
Description = The HideMyIpSRV service terminated unexpectedly. It has done this
2 time(s).

Error - 10/29/2011 5:38:53 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/29/2011 5:39:42 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12507

Error - 10/29/2011 5:41:57 PM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/29/2011 6:17:24 PM | Computer Name = MAINTENANCE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12507

Error - 10/29/2011 6:34:01 PM | Computer Name = MAINTENANCE | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >

#10 Noviciate

  • Malware Response Team

Posted 31 October 2011 - 03:14 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving?

So long, and thanks for all the fish.

 

 


#11 myxlplyxx

  • Topic Starter

  • Members

Posted 01 November 2011 - 07:08 PM

Okay.. search results are not redirecting anymore. I am still getting the Desktop.ini document splash on startup. Seems that programs are still very slow to start. ESET scanner took a while so I haven't run the new DDS log yet. I will post that log tomorrow. ESET found several threats and Trojans. See log below.

C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\1\d5b9dc1-1e09455d OSX/Exploit.Smid.C trojan
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\36\1706ee64-608f3722 a variant of Java/TrojanDownloader.OpenStream.NAY trojan
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\36\1706ee64-7aba17a7 a variant of Java/TrojanDownloader.OpenStream.NAY trojan
C:\Documents and Settings\Bobby\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\odfplhkcpcffkjpmioepacimbpkgegfn\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Bobby\My Documents\Downloads\cnet_ComboFix_exe.exe a variant of Win32/InstallCore.D application
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{5b71a9c7-7772-4bd0-b626-222ff1c4fead}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{9d352e37-7a6b-4758-a104-8900d2236133}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{cbb8c1bd-da01-41f2-b801-8bba95b8b910}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2y2qf0r6.default\extensions\{d69420c2-18db-4793-8853-d581c6fb5439}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP10\A0001280.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP11\A0002409.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP12\A0002445.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP12\A0002575.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP13\A0003381.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP14\A0003445.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP14\A0003723.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP15\A0003748.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP15\A0004765.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP16\A0004872.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP17\A0004902.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP18\A0004933.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP18\A0004964.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP21\A0005309.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP21\A0005310.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP21\A0005311.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP21\A0005312.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP5\A0001135.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP6\A0001167.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP7\A0001183.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{4F970D99-87FF-45FE-B294-A493C4161963}\RP8\A0001197.manifest Win32/TrojanDownloader.Tracur.F trojan

#12 myxlplyxx


Posted 01 November 2011 - 07:14 PM

Oh... and for some reason during the scan... my RealTek Audio manager kept registering that a new audio device cable was being plugged in.. even though I hadn't removed or plugged in any new cables! It was kind of spooky... like something kept plugging in a new cable...and it was on Halloween. Ghosts?!

Seriously though.. that really did happen. You think the ESET virus scan could have been interfering with my audio control panel? ....or was it ghosts? :)

#13 myxlplyxx


Posted 01 November 2011 - 07:40 PM

..and why does it register ComboFix as a threat?

C:\Documents and Settings\Bobby\My Documents\Downloads\cnet_ComboFix_exe.exe a variant of Win32/InstallCore.D application

#14 myxlplyxx


Posted 01 November 2011 - 10:32 PM

Oh.. my McAfee started up and found the following.
[Attached file: McAfee Scan 01.JPG]

Also, the following tracking cookies were found.. evil?
[Attached file: McAfee Scan 02.JPG]

Running new DDS log now. Will post when it's complete.

#15 myxlplyxx


Posted 01 November 2011 - 10:39 PM

Here is the new DDS log. That was fast.. the ESET scan almost took 18 hours..

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bobby at 22:39:52 on 2011-11-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1275 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111010150527.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188353667421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6028/mcfscan.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://extranet.flintcorp.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
TCP: DhcpNameServer = 68.12.16.25 68.12.16.30
TCP: Interfaces\{24ABB9D6-B10A-49D7-B2CB-16239DE26478} : DhcpNameServer = 68.12.16.25 68.12.16.30
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bobby\application data\mozilla\firefox\profiles\2y2qf0r6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\bobby\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\bobby\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\bobby\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-9-2 8192]
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-10-2 64048]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 461864]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-5-24 137728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-2 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-10-2 54776]
R1 NEOFLTR_710_18193;Juniper Networks TDI Filter Driver (NEOFLTR_710_18193);c:\windows\system32\drivers\NEOFLTR_710_18193.SYS [2011-7-14 84336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-9-2 304128]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-6-25 25832]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-9 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-2 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-2 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-2 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-2 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-8-29 37376]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-2 57432]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2010-7-18 3039536]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-2 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-2 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-2 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-2 83688]
S1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-2 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-2 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-28 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-01 02:44:59 -------- d-----w- c:\program files\ESET
2011-10-19 14:35:44 -------- d-----w- c:\documents and settings\bobby\application data\SUPERAntiSpyware.com
2011-10-19 14:30:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 14:30:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-19 04:39:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 04:39:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-02 21:16:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-04 22:34:53 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-04 22:34:53 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-04 22:19:17 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-19 20:59:30 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-08-17 13:49:54 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-08-15 15:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-08-15 15:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-08-15 15:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 15:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 22:41:40.81 ===============



