Packed.Generic.200 / can't run System Restore, MBAM....



#1
tm09
    New Member
  • Member
  • 2 posts
Recently found out that my computer is infected with Packed.Generic.200. I am yet another user who found this out once Norton flagged it but could not fix it (grrrrrr). Tried following all of the steps noted in the Malware & Spyware Cleaning Guide but ran into problems with System Restore (received an error message about not having the correct version of the .NET Framework) and I was also unable to run MBAM. Renamed the MBAM program and was able to install it, but the program does NOT run. Decided to stop here until I could receive further direction with working out these problems. Would greatly appreciate ANY help!
Thanks!


#2
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Hello tm09

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

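The OTL output requested above has a regular line shape (`PRC - path (Publisher)`, `SRV - (name [start | state]) -- path (Publisher)`, `O4 - key: [value] path (Publisher)`, with `()` where OTL found no publisher string and `File not found` where a registry entry points at nothing), which is what lets a helper skim a long log for the handful of lines worth a closer look. As an added illustration that is not part of this thread and not OTL's own code, the Python below parses lines in that format into records and marks three generic review hints: no publisher string, a target file that is missing, and an executable running from a Temp folder. The record fields, flag names and sample log lines are constructed for the example; the flags are pointers for a human reviewer, not a verdict on any entry.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread, not part of OTL and not code from any poster.
Each OTL finding is one line: a kind prefix (PRC, SRV, DRV or a numbered
O-entry), a dash, the details, and usually a trailing "(Publisher)" taken from
the file's version information, or "()" when there was none. The flags below
are generic review hints, not verdicts on any particular entry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section banner, e.g. "========== Win32 Services (SafeList) =========="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Entry prefix followed by " - " and the rest of the line
ENTRY_RE = re.compile(r"^(PRC|SRV|DRV|O\d+)\s+-\s+(.*)$")
# Trailing "(Publisher)"; an empty group "()" means OTL found no publisher string
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# First drive-letter path on the line; stops at a closing quote or an opening paren
PATH_RE = re.compile(r'([A-Za-z]:\\[^"(]*)')
# Executables under a Temp/Tmp folder are unusual for services and autoruns
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Constructed sample in OTL's line format (hypothetical names, not a real machine).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Example\helper.exe ()

========== Win32 Services (SafeList) ==========

SRV - (ExampleSvc [Auto | Running]) -- C:\Program Files\Example\svc.exe (Example Corp)
SRV - (GhostSvc [On_Demand | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (exdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\exdrv.sys (Example Corp)

========== Standard Registry (All) ==========

O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\bho.dll (Example Corp)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Updater] "C:\Program Files\Example\update.exe" -silent (Example Corp)
O4 - HKCU..\Run: [odd] C:\Documents and Settings\user\Local Settings\Temp\odd.exe ()
"""


@dataclass
class Entry:
    section: str
    kind: str                 # PRC / SRV / DRV / O2 / O4 ...
    raw: str
    path: Optional[str]       # first drive-letter path, if any
    company: Optional[str]    # None when the line has no trailing (...) group
    flags: List[str] = field(default_factory=list)


def parse_entry(section: str, line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry, or None if it is not a finding line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    company_m = COMPANY_RE.search(body)
    company = company_m.group(1).strip() if company_m else None
    path_m = PATH_RE.search(body)
    path = path_m.group(1).strip() if path_m else None
    entry = Entry(section, kind, line.strip(), path, company)

    if "File not found" in body or "Reg Error" in body:
        entry.flags.append("target-missing")   # registry points at nothing
    if company == "":
        entry.flags.append("no-publisher")     # OTL printed "()": no version info
    if path and TEMP_DIR_RE.search(path):
        entry.flags.append("temp-location")    # executable under a Temp folder
    return entry


def parse_log(text: str) -> List[Entry]:
    """Walk the log, tracking section banners, and collect finding lines."""
    entries: List[Entry] = []
    section = "(none)"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        entry = parse_entry(section, line)
        if entry:
            entries.append(entry)
    return entries


def triage_report(entries: List[Entry]) -> List[str]:
    """One line per flagged entry: section, kind, flags and the path or raw line."""
    return [
        f"[{e.section}] {e.kind}: {', '.join(e.flags)} -> {e.path or e.raw}"
        for e in entries if e.flags
    ]


if __name__ == "__main__":
    for report_line in triage_report(parse_log(SAMPLE_LOG)):
        print(report_line)
```

Run directly, it prints the four flagged sample lines; `parse_log` takes any text in this format, so the same function can be pointed at the contents of a saved OTL.Txt instead of the embedded sample.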

#3
tm09
    New Member
  • Topic Starter
  • Member
  • 2 posts
OTL logfile created on: 6/1/2009 6:55:52 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Tami Mackay\Desktop\Geeks2Go virus removal stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 136.88 Mb Available Physical Memory | 27.27% Memory free
1.43 Gb Paging File | 1.06 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 16.14 Gb Free Space | 26.10% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.35 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAMIMACKAY
Current User Name: Tami Mackay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tami Mackay\Desktop\Geeks2Go virus removal stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AddFiltr [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMConnectCDS [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (5U870CAP_VID_1262&PID_25FD [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\5U870CAP.sys (Ricoh)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\BHDrvx86.sys (Symantec Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\ccHPx86.sys (Symantec Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HBtnKey [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090528.001\IDSxpx86.sys (Symantec Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090530.017\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090530.017\NAVEX15.SYS (Symantec Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SRTSPX.SYS (Symantec Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (WinInet Class) - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\WINDOWS\ieocx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmi...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237412892859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242201911859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} https://online.westp...iomanagerwt.cab (PortfolioManagerWT ProfileManager Class)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{470d08b7-1403-11de-b00e-0018de7c12ea}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\setup.exe -- [2008/04/14 09:42:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/01 18:55:02 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/31 19:22:19 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/31 19:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/31 19:22:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/31 19:22:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/31 18:58:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Mackay\Desktop\Geeks2Go virus removal stuff
[2009/05/31 18:53:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/31 18:51:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/31 18:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2009/05/31 18:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Mackay\Application Data\BullGuard
[2009/05/29 21:39:44 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Support
[2009/05/29 21:28:23 | 00,561,646 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/05/29 21:22:04 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/05/29 21:21:56 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/05/29 21:21:56 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/05/29 21:21:56 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/05/29 21:21:56 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/05/29 21:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/05/29 21:21:45 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/05/29 21:21:40 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/05/29 21:21:40 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/05/29 21:21:40 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndis.sys
[2009/05/29 21:21:39 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/05/29 21:21:39 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/05/29 21:21:39 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/05/29 21:21:39 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/05/29 21:21:39 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symfw.sys
[2009/05/29 21:21:39 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/05/29 21:21:39 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symids.sys
[2009/05/29 21:21:26 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/05/29 21:21:26 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/05/29 21:21:26 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/05/29 21:21:26 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/05/29 21:21:26 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/05/29 21:21:26 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/05/29 21:21:26 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/05/29 21:21:16 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/05/29 21:21:16 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/05/29 21:21:16 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/05/29 21:21:16 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/05/29 21:21:16 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/05/29 21:21:16 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.cat
[2009/05/29 21:21:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1005000.087
[2009/05/29 21:21:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/05/29 21:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/05/29 21:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/05/29 21:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/29 21:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/05/16 20:47:24 | 00,000,192 | ---- | C] () -- C:\Documents and Settings\Tami Mackay\Application Data\asd.bat
[2009/05/16 20:45:57 | 00,028,672 | ---- | C] () -- C:\WINDOWS\ieocx.dll
[2009/05/15 17:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Mackay\Desktop\New to print
[2009/05/14 17:55:07 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/05/14 17:55:07 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/05/13 20:45:11 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/13 20:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Mackay\Application Data\skypePM
[2009/05/13 20:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/05/13 20:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/05/13 20:17:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/05/13 17:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/05/13 16:50:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tami Mackay\Application Data\ICAClient
[2009/05/03 10:11:44 | 00,111,616 | ---- | C] () -- C:\Documents and Settings\Tami Mackay\Desktop\budget.xls
[2006/09/12 16:59:34 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 16:55:15 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 16:40:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 16:27:52 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/30 04:48:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/30 04:16:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/30 04:13:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/30 03:43:22 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 20:30:42 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/04 16:37:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/03 03:39:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/07 03:36:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/17 05:54:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[1999/01/23 12:16:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/06/01 18:45:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/01 18:45:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/01 18:45:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/01 18:45:20 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/29 21:28:28 | 00,561,646 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\Cat.DB
[2009/05/29 21:21:56 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/05/29 21:21:56 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/05/29 21:21:56 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/05/29 21:21:56 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/05/29 21:21:45 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/05/29 21:21:40 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symtdi.sys
[2009/05/29 21:21:40 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndisv.sys
[2009/05/29 21:21:40 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symndis.sys
[2009/05/29 21:21:39 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\cchpx86.sys
[2009/05/29 21:21:39 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.sys
[2009/05/29 21:21:39 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.sys
[2009/05/29 21:21:39 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.sys
[2009/05/29 21:21:39 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symfw.sys
[2009/05/29 21:21:39 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.sys
[2009/05/29 21:21:39 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/05/29 21:21:39 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1005000.087\symids.sys
[2009/05/29 21:21:26 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.inf
[2009/05/29 21:21:26 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.inf
[2009/05/29 21:21:26 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.inf
[2009/05/29 21:21:26 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.inf
[2009/05/29 21:21:26 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.inf
[2009/05/29 21:21:26 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.inf
[2009/05/29 21:21:26 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\isolate.ini
[2009/05/29 21:21:16 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymNet.cat
[2009/05/29 21:21:16 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\SymEFA.cat
[2009/05/29 21:21:16 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtspx.cat
[2009/05/29 21:21:16 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\BHDrvx86.CAT
[2009/05/29 21:21:16 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\srtsp.cat
[2009/05/29 21:21:16 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1005000.087\ccHPx86.cat
[2009/05/29 20:38:53 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Tami Mackay\My Documents\My Sharing Folders.lnk
[2009/05/27 20:41:59 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Tami Mackay\Desktop\budget.xls
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/16 20:47:24 | 00,000,192 | ---- | M] () -- C:\Documents and Settings\Tami Mackay\Application Data\asd.bat
[2009/05/16 20:45:57 | 00,028,672 | ---- | M] () -- C:\WINDOWS\ieocx.dll
[2009/05/13 20:45:11 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/13 20:44:50 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/05/07 18:00:33 | 00,391,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/07 18:00:33 | 00,056,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/07 18:00:32 | 00,453,442 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/07 16:46:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== LOP Check ==========

[2009/05/31 18:09:18 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/19 06:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/31 18:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2009/03/19 06:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/03/19 06:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/03/19 06:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/19 06:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/05/31 19:22:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 21:45:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/29 21:22:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/05/29 21:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/05/13 20:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/03/19 06:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/02 02:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/03/19 06:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/05/31 17:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/13 18:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/19 07:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/31 18:06:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tami Mackay\Application Data
[2009/03/20 06:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Adobe
[2009/03/25 20:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\AdobeUM
[2009/05/31 18:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\BullGuard
[2009/05/13 16:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\ICAClient
[2009/03/19 06:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Identities
[2009/03/19 06:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Intuit
[2009/03/21 07:31:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Leadertech
[2009/03/19 07:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Macromedia
[2009/05/13 19:41:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Microsoft
[2009/03/24 07:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Microsoft Web Folders
[2009/04/29 20:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Serif
[2009/05/13 20:45:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Skype
[2009/05/13 20:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\skypePM
[2009/03/19 07:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tami Mackay\Application Data\Sun
[2006/03/16 13:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/01 18:45:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 6/1/2009 6:55:52 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Tami Mackay\Desktop\Geeks2Go virus removal stuff
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 136.88 Mb Available Physical Memory | 27.27% Memory free
1.43 Gb Paging File | 1.06 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 16.14 Gb Free Space | 26.10% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.35 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAMIMACKAY
Current User Name: Tami Mackay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2009 6:42:51 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..

Error - 4/29/2009 6:44:06 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: The system cannot locate the resource specified. .

Error - 4/29/2009 6:44:06 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.

Error - 4/29/2009 6:44:06 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..

Error - 4/30/2009 6:56:31 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: The system cannot locate the resource specified. .

Error - 4/30/2009 6:56:31 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.

Error - 4/30/2009 6:56:31 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..

Error - 4/30/2009 7:46:39 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: The system cannot locate the resource specified. .

Error - 4/30/2009 7:46:39 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.

Error - 4/30/2009 7:46:39 AM | Computer Name = TAMIMACKAY | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..

[ System Events ]
Error - 5/4/2009 8:58:12 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/4/2009 8:58:17 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/4/2009 9:05:24 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/4/2009 9:07:32 AM | Computer Name = TAMIMACKAY | Source = DCOM | ID = 10010
Description = The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register
with DCOM within the required timeout.

Error - 5/4/2009 9:10:58 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 5/4/2009 9:11:02 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7034
Description = The Message Queuing service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/4/2009 9:11:17 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7034
Description = The Message Queuing Triggers service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/4/2009 9:11:30 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7034
Description = The Distributed Transaction Coordinator service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/4/2009 9:11:34 AM | Computer Name = TAMIMACKAY | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 5/6/2009 6:43:25 AM | Computer Name = TAMIMACKAY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.2 on
the Network Card with network address 0018DE7C12EA.


< End of report >


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-02 07:22:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 81F01CF8 ZwEnumerateKey
Code 81F04828 ZwFlushInstructionCache
Code 81F01AE6 IofCallDriver
Code 81F00696 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 81F01AEB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 81F0069B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 81F0482C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 81F01CFC
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[380] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] kernel32.dll!VirtualProtect + 1C 7C801AF0 7 Bytes JMP 04080034
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 040800B8
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 0408013F
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E8000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E9F9F0 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EA0A60 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E9FDA0 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\Program Files\Internet Explorer\Iexplore.exe[380] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0063000A
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[420] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\WINDOWS\system32\svchost.exe[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[596] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[596] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[596] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[596] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[596] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\spoolsv.exe[748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\spoolsv.exe[748] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\spoolsv.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\spoolsv.exe[748] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\spoolsv.exe[748] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\spoolsv.exe[748] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\spoolsv.exe[748] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\spoolsv.exe[748] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[788] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[788] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[788] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[788] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[788] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\ctfmon.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\ctfmon.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\ctfmon.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\ctfmon.exe[796] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\ctfmon.exe[796] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\ctfmon.exe[796] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\ctfmon.exe[796] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\ctfmon.exe[796] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\ehome\ehtray.exe[940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B0000A
.text C:\WINDOWS\ehome\ehtray.exe[940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B1000A
.text C:\WINDOWS\ehome\ehtray.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\ehome\ehtray.exe[940] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\ehome\ehtray.exe[940] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\ehome\ehtray.exe[940] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\ehome\ehtray.exe[940] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\ehome\ehtray.exe[940] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\taskmgr.exe[1004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\taskmgr.exe[1004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\taskmgr.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\taskmgr.exe[1004] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\taskmgr.exe[1004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\taskmgr.exe[1004] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\taskmgr.exe[1004] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\taskmgr.exe[1004] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0063000A
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\WINDOWS\eHome\ehRecvr.exe[1012] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\msdtc.exe[1156] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\msdtc.exe[1156] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\msdtc.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\msdtc.exe[1156] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\msdtc.exe[1156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\msdtc.exe[1156] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\msdtc.exe[1156] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\msdtc.exe[1156] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0086000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[1240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0087000A
.text C:\WINDOWS\eHome\ehSched.exe[1268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060000A
.text C:\WINDOWS\eHome\ehSched.exe[1268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0061000A
.text C:\WINDOWS\eHome\ehSched.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\WINDOWS\eHome\ehSched.exe[1268] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\WINDOWS\eHome\ehSched.exe[1268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\WINDOWS\eHome\ehSched.exe[1268] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\WINDOWS\eHome\ehSched.exe[1268] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\WINDOWS\eHome\ehSched.exe[1268] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\WINDOWS\system32\winlogon.exe[1364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\winlogon.exe[1364] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\WINDOWS\system32\winlogon.exe[1364] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\WINDOWS\system32\winlogon.exe[1364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\WINDOWS\system32\winlogon.exe[1364] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\WINDOWS\system32\winlogon.exe[1364] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\WINDOWS\system32\winlogon.exe[1364] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\WINDOWS\system32\services.exe[1416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[1416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\lsass.exe[1428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\lsass.exe[1428] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\lsass.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\lsass.exe[1428] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0074000A
.text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[1600] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[1600] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[1600] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[1600] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[1600] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[1676] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[1676] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[1676] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[1676] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[1676] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\System32\svchost.exe[1724] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[1792] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[1792] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[1792] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[1792] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[1792] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\explorer.exe[1884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C8000A
.text C:\WINDOWS\explorer.exe[1884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C9000A
.text C:\WINDOWS\explorer.exe[1884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\explorer.exe[1884] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\explorer.exe[1884] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\explorer.exe[1884] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\explorer.exe[1884] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\explorer.exe[1884] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\svchost.exe[1992] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\svchost.exe[1992] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\svchost.exe[1992] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\svchost.exe[1992] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\svchost.exe[1992] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2096] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2096] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\mqsvc.exe[2176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\mqsvc.exe[2176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\mqsvc.exe[2176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\mqsvc.exe[2176] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\mqsvc.exe[2176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\mqsvc.exe[2176] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\mqsvc.exe[2176] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\mqsvc.exe[2176] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\ehome\mcrdsvc.exe[2260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0061000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0062000A
.text C:\WINDOWS\eHome\ehmsas.exe[2716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0087000A
.text C:\WINDOWS\eHome\ehmsas.exe[2716] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\mqtgsvc.exe[2912] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\System32\svchost.exe[3028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\System32\svchost.exe[3028] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\System32\svchost.exe[3028] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\svchost.exe[3028] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\System32\svchost.exe[3028] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\System32\svchost.exe[3028] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\GEEKSqjs2888m.exe[3120] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\GEEKSqjs2888m.exe[3120] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008A000A
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008B000A
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe[3248] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188
.text C:\WINDOWS\system32\dllhost.exe[3272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\dllhost.exe[3272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008E000A
.text C:\WINDOWS\system32\dllhost.exe[3272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\system32\dllhost.exe[3272] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\system32\dllhost.exe[3272] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\system32\dllhost.exe[3272] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\system32\dllhost.exe[3272] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\system32\dllhost.exe[3272] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A
.text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008E000A
.text C:\WINDOWS\System32\alg.exe[3604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10004294
.text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100041C0
.text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100039A0
.text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002FEC
.text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002F3C
.text C:\WINDOWS\System32\alg.exe[3604] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10004188
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] kernel32.dll!VirtualProtect + 1C 7C801AF0 7 Bytes JMP 041C0034
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10014294
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 041C00B8
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 041C013F
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E8000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E9F9F0 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EA0A60 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100141C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100139A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10012FEC
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E9FDA0 \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012F3C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4044] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10014188

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [380] 0x00E90000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [596] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [788] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1600] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1676] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1724] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1792] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1992] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3028] 0x00A80000
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4044] 0x00E90000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACyqmltlwxwbrsior.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyqmltlwxwbrsior.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyqmltlwxwbrsior.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgixgekxmpjrwewf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACregvrtkdvibnyfy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACavheeiciqxutxti.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvfvkborcvqmysbq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACdlbppmbgvptiiew.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACnbqgoxkmpssxuer.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACqhcpbqdnnmcklfw.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACbmqpqmiwutkbwdh.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyqmltlwxwbrsior.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyqmltlwxwbrsior.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgixgekxmpjrwewf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACregvrtkdvibnyfy.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACavheeiciqxutxti.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvfvkborcvqmysbq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACdlbppmbgvptiiew.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACnbqgoxkmpssxuer.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACqhcpbqdnnmcklfw.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACbmqpqmiwutkbwdh.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Tami Mackay\Local Settings\Temp\UAC5570.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACyqmltlwxwbrsior.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACavheeiciqxutxti.dll 19968 bytes executable
File C:\WINDOWS\system32\UACdlbppmbgvptiiew.dll 19968 bytes executable
File C:\WINDOWS\system32\UACftiangmwutobxly.dll 66560 bytes
File C:\WINDOWS\system32\UACgixgekxmpjrwewf.dll 24064 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5933 bytes
File C:\WINDOWS\system32\UACnbqgoxkmpssxuer.log 1845 bytes
File C:\WINDOWS\system32\UACregvrtkdvibnyfy.dat 224 bytes
File C:\WINDOWS\system32\UACvfvkborcvqmysbq.dll 17408 bytes executable

---- EOF - GMER 1.0.15 ----
  • 0
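As an added example (not part of this thread and not GMER's own code), a small Python triage script that reads a log in the format quoted above, pulls out the hidden service, the process holding the hidden DLL, and the module list registered under the service, and then reports which registered modules the Files section did not enumerate. The sample log is constructed from a subset of the entries above; mapping `\systemroot` to `C:\WINDOWS` is an assumption.

```python
import re

# Constructed sample in the shape of the GMER 1.0.15 log quoted above (subset of its entries).
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACftiangmwutobxly.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4044] 0x00E90000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACyqmltlwxwbrsior.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyqmltlwxwbrsior.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgixgekxmpjrwewf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACqhcpbqdnnmcklfw.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgixgekxmpjrwewf.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\UACyqmltlwxwbrsior.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACgixgekxmpjrwewf.dll 24064 bytes executable
---- EOF - GMER 1.0.15 ----
"""

SVC_RE = re.compile(r"^Service (\S+) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+) <-- ROOTKIT")
LIB_RE = re.compile(r"^Library (\S+) \(\*\*\* hidden \*\*\* \) @ (.+?) \[(\d+)\]")
MOD_RE = re.compile(r"^Reg HKLM\\SYSTEM\\\w+\\Services\\([^\\]+)\\modules@(\w+) (\S+)$")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes")

def triage(text):
    """Hidden service, processes holding a hidden DLL, the module list the
    service registers, and every file GMER enumerated, from one GMER log."""
    report = {"hidden_service": None, "injected": [], "modules": {}, "files": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SVC_RE.match(line):
            report["hidden_service"] = {"driver": m.group(1), "name": m.group(3)}
        elif m := LIB_RE.match(line):
            report["injected"].append({"dll": m.group(1), "process": m.group(2), "pid": int(m.group(3))})
        elif m := MOD_RE.match(line):
            # The module list is repeated under every control set; keep one entry per module name.
            report["modules"].setdefault(m.group(2), m.group(3))
        elif m := FILE_RE.match(line):
            report["files"][m.group(1)] = int(m.group(2))
    return report

def modules_not_enumerated(report, windir=r"C:\WINDOWS"):
    """Registered modules whose on-disk path is missing from the Files section:
    the leftovers a cleanup pass still has to account for (assumes \systemroot = windir)."""
    listed = {p.lower() for p in report["files"]}
    missing = [name for name, path in report["modules"].items()
               if path.replace(r"\\?\globalroot\systemroot", windir).lower() not in listed]
    return sorted(missing)
```

Running `triage(SAMPLE_LOG)` on the constructed sample identifies UACd.sys as the hidden service and the injected DLL inside Iexplore.exe (pid 4044), and `modules_not_enumerated` reports `uacurls` as the one registered module GMER did not list as a file.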

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/05/16 20:47:24 | 00,000,192 | ---- | C] () -- C:\Documents and Settings\Tami Mackay\Application Data\asd.bat
    [2009/05/16 20:45:57 | 00,028,672 | ---- | C] () -- C:\WINDOWS\ieocx.dll
    [2009/05/13 20:45:11 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    
    
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Combofix=================================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0