Unknown infection on multiple computers on home network



#1
dllemmen


    New Member

Thanks for any help you can give me!!!

I've had some sort of virus(?) on my home network for quite a while. It has spread to all computers in the house except work ones that have superb security. I keep running scans, Malwarebytes, McAfee, Adaware; occasionally they find stuff but usually not, sometimes I think it's gone but things never quite work right and then it gets worse again. I've even wiped out one computer and reloaded Windows and it didn't seem to get rid of it.

It usually starts with Google search redirects, then eventually other search engine redirects, then extra windows popping up when a link is clicked. Sometimes it disables IE by changing the proxy server setting in LAN settings.

I've also checked the addons (looked normal) and the host file (deleted a bunch of junk on this computer).

It somehow seems to be related to user accounts. For a while I was able to keep it off my laptop by deleting a user account when it started acting weird and then creating a new one.

I went through the steps on this site to remove google redirects and nothing happened. Then I went through the steps for Virus, Spyware and Malware removal and am now here...

When it says to post my logs instead of attaching them, does that mean I should just copy and paste them right in here?

Again, thank you for any help you can give me!


#2
RKinner


    Malware Expert

Yes just copy and paste your MBAM, GMER, OTL, Extras logs. Just from one computer at a time please.

Ron

#3
dllemmen


    New Member

Thanks,
Here's what I have:

MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4333

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/20/2010 8:56:21 PM
mbam-log-2010-07-20 (20-56-21).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 173334
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-20 12:58:11
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\debbie\LOCALS~1\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764387E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7643BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF731DCA2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF731DC78]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF731DC8C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF731DCE2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF731DC14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF731DC28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF731DCB6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF731DC64]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF731DC50]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF731DD11]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF731DCF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF731DCCC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504ABC 7 Bytes JMP F731DCD0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F76 5 Bytes JMP F731DCA6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0E3E 7 Bytes JMP F731DCE6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B1C4C 5 Bytes JMP F731DCFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B7222 7 Bytes JMP F731DCBA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CA160 5 Bytes JMP F731DC18 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA3EC 5 Bytes JMP F731DC2C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CCBAA 5 Bytes JMP F731DC54 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFE96 7 Bytes JMP F731DC90 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFF4C 5 Bytes JMP F731DC7C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D0456 5 Bytes JMP F731DC68 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D1686 5 Bytes JMP F731DD15 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 015D0087
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015D0F09
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015D0F1A
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 015D00B3
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 015D0047
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 015D0FE5
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 015D0F5C
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 015D002C
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 015D0011
.text C:\WINDOWS\Explorer.EXE[1700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 015D0098
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0128002E
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!system 77C293C7 5 Bytes JMP 01280FAD
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0128001D
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01280FE3
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01280FBE
.text C:\WINDOWS\Explorer.EXE[1700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01280000
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01560FC3
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01560076
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01560014
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01560FDE
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0156005B
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01560FEF
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0156004A
.text C:\WINDOWS\Explorer.EXE[1700] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 0156002F
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenA 3D95D690 3 Bytes JMP 01210000
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenA + 4 3D95D694 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenW 3D95DB09 3 Bytes JMP 01210FE5
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenW + 4 3D95DB0D 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenUrlA 3D95F3A4 3 Bytes JMP 01210FD4
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenUrlA + 4 3D95F3A8 1 Byte [C3]
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0121001B
.text C:\WINDOWS\Explorer.EXE[1700] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01260000
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02540FEF
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02540067
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02540F72
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02540F83
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02540040
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02540F9E
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02540F35
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02540F46
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02540098
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02540F09
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02540EE4
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0254002F
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02540FD4
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02540F57
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02540FAF
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02540000
.text C:\WINDOWS\system32\wuauclt.exe[1932] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02540F24
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02520F7C
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!system 77C293C7 5 Bytes JMP 02520F97
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02520FCD
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02520FB2
.text C:\WINDOWS\system32\wuauclt.exe[1932] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02520FDE
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02530FCA
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02530F72
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0253001B
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02530000
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 02530F83
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 02530FEF
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 02530FA8
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [73, 8A] {JAE 0xffffffffffffff8c}
.text C:\WINDOWS\system32\wuauclt.exe[1932] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 02530FB9
.text C:\WINDOWS\system32\wuauclt.exe[1932] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0251000A
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F46
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0045
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B001E
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F6B
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0F8D
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0071
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0060
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00B8
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00A7
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B00C9
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0F7C
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F35
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3152] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B008C
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290047
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290036
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FBC
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290011
.text C:\WINDOWS\system32\wuauclt.exe[3152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290000
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A001B
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 002A0051
.text C:\WINDOWS\system32\wuauclt.exe[3152] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002A0040

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#4
dllemmen

OTL Extras logfile created on: 7/20/2010 2:05:24 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\debbie\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 66.38 Gb Free Space | 89.11% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSC" = McAfee SecurityCenter
"New LEGO Digital Designer" = LEGO Digital Designer
"PROSet" = Intel® PRO Network Connections Drivers
"ULTIMATER" = Microsoft Office Ultimate 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2010 11:54:46 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/14/2010 10:55:59 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/14/2010 10:55:59 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/18/2010 9:11:19 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/18/2010 9:11:19 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2010 10:09:46 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/19/2010 10:09:46 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2010 10:09:46 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/19/2010 10:09:46 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/20/2010 12:11:07 PM | Computer Name = OFFICE | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.435
Exception
Code : 0XC0000005 Exception Address : 0X008C0FDE Exception Parameters :
2 Param 1 = 00000000 Param 2 = 0X008C0FDE More information :

[ System Events ]
Error - 7/20/2010 11:17:26 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2010 11:17:26 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2010 11:17:26 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2010 11:17:26 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/20/2010 12:08:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/20/2010 12:08:48 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/20/2010 12:11:08 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/20/2010 1:16:59 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McShield service.

Error - 7/20/2010 1:56:06 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McShield service.

Error - 7/20/2010 1:56:53 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McShield service.


< End of report >

#5
dllemmen

OTL logfile created on: 7/20/2010 2:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\debbie\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 502.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 66.38 Gb Free Space | 89.11% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/20 14:03:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTL.exe
PRC - [2010/07/07 20:06:56 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/07 20:06:55 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/20 14:03:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTL.exe
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/07 20:06:55 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV - [2010/07/07 20:07:14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/14 12:50:14 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=en&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/20 11:27:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/20 11:17:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Documents and Settings\debbie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/27 19:49:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3bd29c4e-857d-11df-8ec3-001d098a43e0}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{3bd29c4e-857d-11df-8ec3-001d098a43e0}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/20 14:03:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTL.exe
[2010/07/20 12:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Desktop\gmer
[2010/07/20 11:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Desktop\tdsskiller
[2010/07/20 11:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Desktop\GooredFix Backups
[2010/07/20 11:45:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\debbie\Desktop\GooredFix.exe
[2010/07/20 11:17:14 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/20 11:16:10 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTM.exe
[2010/07/20 11:14:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/20 11:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/20 10:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/20 07:27:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\debbie\IECompatCache
[2010/07/19 10:30:25 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/07/18 20:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\Malwarebytes
[2010/07/18 20:17:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/18 20:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/18 20:17:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/18 20:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/17 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Apple
[2010/07/17 17:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/10 18:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/07 20:07:47 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/06 15:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Adobe
[2010/07/06 15:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/06 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/06 15:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/01 09:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/29 11:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\Apple Computer
[2010/06/29 11:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Apple Computer
[2010/06/29 11:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Scansoft
[2010/06/29 11:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 11:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/29 11:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 11:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 11:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/29 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/29 11:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 11:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/29 11:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/29 08:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/29 08:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/06/29 08:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/29 08:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/06/29 08:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Microsoft Help
[2010/06/29 08:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/29 08:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/29 08:41:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/29 08:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\U3
[2010/06/29 08:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2010/06/29 08:26:48 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2010/06/29 08:26:41 | 000,102,400 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2010/06/29 08:26:10 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2010/06/29 08:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/06/29 08:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/06/29 08:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/06/29 08:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/06/29 08:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/06/29 08:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/29 08:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/29 08:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/06/29 08:06:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\debbie\PrivacIE
[2010/06/29 08:05:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\debbie\IETldCache
[2010/06/29 08:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/29 07:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/29 07:58:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/29 07:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/28 11:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\My Documents\LEGO Creations
[2010/06/28 11:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\LEGO Company
[2010/06/28 11:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\LEGO Company
[2010/06/28 10:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\Macromedia
[2010/06/28 10:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\Adobe
[2010/06/28 09:58:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/28 09:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/28 08:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/06/28 07:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/28 07:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/06/28 07:35:52 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/06/28 07:35:52 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/06/28 07:35:52 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/06/28 07:35:50 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/06/28 07:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/06/28 07:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/06/28 07:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/06/28 07:32:52 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/06/28 07:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/27 22:11:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/06/27 22:11:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/27 21:52:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/27 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/27 20:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/27 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/27 20:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/06/27 20:07:49 | 000,000,000 | ---D | C] -- C:\Intel
[2010/06/27 20:07:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2010/06/27 20:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/06/27 20:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/27 20:02:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/27 20:02:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/06/27 20:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/27 20:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/27 20:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/27 19:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Application Data\Identities
[2010/06/27 19:56:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/06/27 19:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debbie\My Documents\My Music
[2010/06/27 19:56:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debbie\My Documents\My Pictures
[2010/06/27 19:56:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\debbie\Application Data\Microsoft
[2010/06/27 19:56:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\debbie\Application Data
[2010/06/27 19:56:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debbie\Favorites
[2010/06/27 19:56:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\debbie\Cookies
[2010/06/27 19:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Desktop
[2010/06/27 19:56:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\debbie\SendTo
[2010/06/27 19:56:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\debbie\Recent
[2010/06/27 19:56:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debbie\Start Menu
[2010/06/27 19:56:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\debbie\My Documents
[2010/06/27 19:56:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\debbie\Templates
[2010/06/27 19:56:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\debbie\PrintHood
[2010/06/27 19:56:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\debbie\NetHood
[2010/06/27 19:56:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\debbie\Local Settings
[2010/06/27 19:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\debbie\Local Settings\Application Data\Microsoft
[2010/06/27 19:53:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/06/27 19:53:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/06/27 19:53:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:53:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/06/27 19:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/06/27 19:52:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/06/27 19:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/06/27 19:50:55 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/27 19:50:55 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/27 19:50:55 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/06/27 19:50:08 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/27 19:49:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/06/27 19:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/06/27 19:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/06/27 19:49:49 | 000,000,000 | ---D | C] -- C:\DELL
[2010/06/27 19:49:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/06/27 19:48:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/06/27 19:48:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/06/27 19:48:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/06/27 19:48:31 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/06/27 19:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/06/27 19:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/06/27 19:47:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/06/27 19:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/06/27 19:47:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/06/27 19:47:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/06/27 19:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/06/27 19:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/06/27 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/06/27 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/06/27 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/06/27 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/06/27 19:47:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/06/27 19:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/06/27 19:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/06/27 19:46:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/06/27 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/06/27 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/06/27 19:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/06/27 19:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/06/27 19:46:05 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/06/27 19:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/06/27 19:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/06/27 19:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/06/27 19:46:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/06/27 15:33:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/06/27 15:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/06/27 15:33:45 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/06/27 15:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/06/27 15:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/06/27 15:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/06/27 15:33:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/06/27 15:33:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/06/27 15:33:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/06/27 15:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/06/27 15:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/06/27 15:33:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/06/27 15:33:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/06/27 15:33:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/06/27 15:33:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/06/27 15:32:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/06/27 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/06/27 15:26:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/06/27 15:26:38 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/06/27 15:26:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/06/27 15:26:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/06/27 15:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

#6
dllemmen

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here's the rest of the OTL:


========== Files - Modified Within 90 Days ==========

[2010/07/20 14:03:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTL.exe
[2010/07/20 14:00:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/20 13:59:30 | 000,008,821 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/20 13:59:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 13:59:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 13:57:03 | 003,223,360 | -H-- | M] () -- C:\Documents and Settings\debbie\Local Settings\Application Data\IconCache.db
[2010/07/20 12:58:31 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\debbie\ntuser.dat
[2010/07/20 12:06:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\gmer.zip
[2010/07/20 11:58:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\debbie\ntuser.ini
[2010/07/20 11:55:13 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\tdsskiller.zip
[2010/07/20 11:45:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\debbie\Desktop\GooredFix.exe
[2010/07/20 11:17:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/20 11:16:17 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\debbie\Desktop\OTM.exe
[2010/07/20 11:14:16 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\debbie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/20 11:14:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\NTREGOPT.lnk
[2010/07/20 11:14:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\ERUNT.lnk
[2010/07/20 10:40:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\HijackThis.lnk
[2010/07/19 15:46:57 | 000,044,992 | ---- | M] () -- C:\Documents and Settings\debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 10:29:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\debbie\Local Settings\Application Data\housecall.guid.cache
[2010/07/18 20:17:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/18 17:22:23 | 000,357,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/18 17:22:23 | 000,314,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/18 17:22:23 | 000,041,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/17 18:54:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/17 18:54:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/17 18:54:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/17 18:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/12 11:54:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 20:07:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/07 20:07:14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 15:06:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 09:53:07 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/29 11:49:14 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/29 08:31:43 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/29 08:31:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2010/06/29 08:26:52 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/06/29 08:05:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/28 11:24:41 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2010/06/28 08:40:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\debbie\Desktop\Internet.lnk
[2010/06/28 07:35:40 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/28 07:35:39 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/27 20:02:05 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/27 19:56:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/27 19:52:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/06/27 19:51:25 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/27 19:49:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/27 19:49:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/27 19:49:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/27 19:49:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/06/27 19:49:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/27 19:49:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/27 19:49:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/27 19:49:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/27 19:49:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/27 19:49:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/27 19:48:39 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/27 19:48:39 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/27 19:47:17 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/27 19:47:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/27 19:47:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/07/20 12:06:31 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\gmer.zip
[2010/07/20 11:47:10 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\tdsskiller.zip
[2010/07/20 11:14:16 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\debbie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/20 11:14:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\NTREGOPT.lnk
[2010/07/20 11:14:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\ERUNT.lnk
[2010/07/20 10:40:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\HijackThis.lnk
[2010/07/19 10:29:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\debbie\Local Settings\Application Data\housecall.guid.cache
[2010/07/18 20:17:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/06 15:06:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/29 14:32:04 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/29 11:34:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/29 08:31:43 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/29 08:31:43 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/06/29 08:26:51 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/06/29 08:26:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/06/29 08:24:22 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/06/28 11:24:41 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2010/06/28 08:40:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\debbie\Desktop\Internet.lnk
[2010/06/28 07:51:24 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/28 07:35:40 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/06/28 07:35:39 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/06/27 20:28:35 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100627-202835.backup
[2010/06/27 20:12:50 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\debbie\ntuser.dat
[2010/06/27 20:12:46 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/06/27 20:12:18 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2010/06/27 20:07:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010/06/27 20:07:56 | 000,026,304 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/06/27 20:07:56 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/06/27 20:07:55 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2010/06/27 20:07:55 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2010/06/27 20:03:47 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/27 20:02:05 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/27 19:56:36 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/06/27 19:56:29 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\debbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/27 19:56:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\debbie\ntuser.ini
[2010/06/27 19:56:23 | 000,032,768 | -H-- | C] () -- C:\Documents and Settings\debbie\ntuser.dat.LOG
[2010/06/27 19:52:07 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/06/27 19:51:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/27 19:51:16 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/27 19:50:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/27 19:50:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/27 19:50:50 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/27 19:50:38 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/27 19:50:38 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/27 19:50:32 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/27 19:50:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/27 19:50:30 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/27 19:50:24 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/27 19:50:21 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/27 19:50:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/06/27 19:50:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/27 19:50:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/06/27 19:50:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/06/27 19:50:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/06/27 19:50:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/27 19:50:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/06/27 19:50:07 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/06/27 19:50:07 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/06/27 19:50:07 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/06/27 19:50:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/06/27 19:50:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/06/27 19:50:05 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/06/27 19:50:05 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/06/27 19:50:05 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/06/27 19:50:05 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/06/27 19:50:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/06/27 19:50:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/06/27 19:50:05 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/06/27 19:50:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/06/27 19:50:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/06/27 19:50:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/06/27 19:50:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/06/27 19:50:04 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/06/27 19:50:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/06/27 19:50:03 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/06/27 19:50:03 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/06/27 19:50:03 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/06/27 19:50:03 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/27 19:50:03 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/27 19:50:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/06/27 19:50:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/06/27 19:49:32 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/27 19:49:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/27 19:49:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/06/27 19:49:32 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/06/27 19:49:32 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/06/27 19:49:28 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/27 19:49:28 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/27 19:49:27 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/27 19:48:39 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/27 19:48:39 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/27 19:48:34 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/27 19:48:23 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/06/27 19:47:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/06/27 19:47:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/06/27 19:47:51 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/06/27 19:47:41 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/06/27 19:47:32 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/06/27 19:47:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/27 19:46:23 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/06/27 19:46:23 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/06/27 19:46:22 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/06/27 19:46:22 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/06/27 19:46:22 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/06/27 19:46:22 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/06/27 19:46:22 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/06/27 19:46:22 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/06/27 19:46:22 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/06/27 19:46:22 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/06/27 19:46:22 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/06/27 19:46:22 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/06/27 19:46:21 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/06/27 19:46:21 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/06/27 19:46:21 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/06/27 19:46:21 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/06/27 19:46:21 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/06/27 19:46:21 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/06/27 19:46:21 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/06/27 19:46:20 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/06/27 19:46:19 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/06/27 19:46:19 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/06/27 19:46:13 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/06/27 15:33:51 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 15:33:46 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/06/27 15:33:46 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/06/27 15:33:46 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/06/27 15:33:45 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/06/27 15:33:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/06/27 15:33:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/06/27 15:33:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/06/27 15:33:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/06/27 15:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/06/27 15:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/06/27 15:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/06/27 15:33:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/06/27 15:33:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/06/27 15:33:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/06/27 15:33:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/06/27 15:33:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/06/27 15:33:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/06/27 15:33:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/06/27 15:33:37 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/06/27 15:33:37 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/06/27 15:33:37 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/06/27 15:33:37 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/06/27 15:33:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/06/27 15:33:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/06/27 15:33:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/06/27 15:33:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/06/27 15:33:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/06/27 15:33:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/06/27 15:33:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/06/27 15:33:30 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/06/27 15:33:21 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/27 15:33:21 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/27 15:33:21 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010/06/27 15:33:21 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/27 15:33:21 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/06/27 15:33:21 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/06/27 15:33:21 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/06/27 15:33:21 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/27 15:33:21 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/06/27 15:33:21 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/06/27 15:33:21 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/27 15:33:21 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/27 15:33:21 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/06/27 15:33:21 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/06/27 15:33:20 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/06/27 15:33:20 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/06/27 15:33:20 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/06/27 15:32:45 | 000,187,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 15:31:44 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/06/27 15:31:42 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/06/29 08:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/29 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/27 20:02:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/28 11:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\debbie\Application Data\LEGO Company
[2010/07/20 14:00:29 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/28 07:35:40 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/28 07:35:39 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/20 13:59:03 | 000,007,164 | ---- | M] () -- C:\aaw7boot.log
[2010/06/27 19:49:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/17 18:54:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/27 19:49:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/27 19:49:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/27 19:49:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/20 13:59:03 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/20 11:57:24 | 000,026,812 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_20.07.2010_11.57.18_log.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/27 19:49:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/27 15:31:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/27 15:31:44 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/27 15:31:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2004/08/04 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 06:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-17 21:02:40

< >
< End of report >

#7
RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Start > All Programs > Accessories > Command Prompt. Copy the following bolded command, then right-click and Paste, then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


We are seeing a lot of infected routers. I assume you have one in your home network. What make and model is it?

Ron

#8
dllemmen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks so much for your assistance!

My router is a Trendnet TEW-432BRP.

And here's the logs:

ComboFix 10-07-22.01 - debbie 07/23/2010 7:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.285 [GMT -4:00]
Running from: c:\documents and settings\debbie\Desktop\George.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-20 19:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 19:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 15:17 . 2010-07-20 15:17 -------- d-----w- C:\_OTM
2010-07-20 15:14 . 2010-07-20 15:14 -------- d-----w- c:\program files\ERUNT
2010-07-20 14:40 . 2010-07-20 14:40 -------- d-----w- c:\program files\Trend Micro
2010-07-20 11:27 . 2010-07-20 11:27 -------- d-sh--w- c:\documents and settings\debbie\IECompatCache
2010-07-19 14:30 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-19 14:10 . 2010-07-19 14:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-19 14:10 . 2010-07-19 14:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-19 00:17 . 2010-07-19 00:17 -------- d-----w- c:\documents and settings\debbie\Application Data\Malwarebytes
2010-07-19 00:17 . 2010-07-19 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-19 00:17 . 2010-07-20 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 22:11 . 2010-07-17 22:11 -------- d-----w- c:\documents and settings\debbie\Local Settings\Application Data\Apple
2010-07-17 22:11 . 2010-07-17 22:11 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Apple
2010-07-15 22:28 . 2010-07-17 11:14 664 ----a-w- c:\documents and settings\Kids\Local Settings\Application Data\d3d9caps.dat
2010-07-10 22:11 . 2010-07-10 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-07-08 00:07 . 2010-07-08 00:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-07 21:08 . 2010-07-07 21:14 -------- d-----w- c:\documents and settings\Kids\Application Data\LEGO Company
2010-07-06 22:06 . 2010-07-06 22:06 -------- d-----w- c:\documents and settings\Kids\Application Data\ScanSoft
2010-07-06 22:05 . 2010-07-06 22:38 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Adobe
2010-07-06 19:10 . 2010-07-15 16:36 -------- d-----w- c:\documents and settings\debbie\Local Settings\Application Data\Adobe
2010-07-06 19:06 . 2010-07-06 19:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-06 16:34 . 2010-07-06 16:34 -------- d-sh--w- c:\documents and settings\Kids\PrivacIE
2010-07-06 16:34 . 2010-07-06 16:34 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Apple Computer
2010-07-06 16:34 . 2010-07-06 16:34 -------- d-----w- c:\documents and settings\Kids\Application Data\Apple Computer
2010-07-06 16:34 . 2010-07-06 16:34 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\Scansoft
2010-07-06 16:34 . 2010-07-06 16:34 -------- d-sh--w- c:\documents and settings\Kids\IETldCache
2010-07-01 13:52 . 2010-07-01 13:52 -------- d-----w- c:\program files\MSXML 4.0
2010-06-29 18:32 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-29 15:50 . 2010-06-29 15:50 -------- d-----w- c:\documents and settings\debbie\Application Data\Apple Computer
2010-06-29 15:50 . 2010-06-29 15:50 -------- d-----w- c:\documents and settings\debbie\Local Settings\Application Data\Apple Computer
2010-06-29 15:49 . 2010-06-29 15:49 -------- d-----w- c:\documents and settings\debbie\Local Settings\Application Data\Scansoft
2010-06-29 15:38 . 2010-06-29 15:38 44992 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 15:37 . 2010-06-29 15:38 -------- d-----w- c:\documents and settings\Scott\Application Data\Apple Computer
2010-06-29 15:21 . 2010-06-29 15:21 -------- d-sh--w- c:\documents and settings\Scott\PrivacIE
2010-06-29 15:20 . 2010-06-29 15:20 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Scansoft
2010-06-29 15:20 . 2010-06-29 15:20 -------- d-sh--w- c:\documents and settings\Scott\IETldCache
2010-06-29 13:16 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\debbie\Application Data\U3\temp\cleanup.exe
2010-06-29 12:45 . 2010-06-29 12:45 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 12:42 . 2010-06-29 12:42 -------- d-----w- c:\windows\SHELLNEW
2010-06-29 12:42 . 2010-06-29 12:42 -------- d-----w- c:\documents and settings\debbie\Local Settings\Application Data\Microsoft Help
2010-06-29 12:41 . 2010-06-29 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-29 12:41 . 2010-06-29 12:41 -------- d-----r- C:\MSOCache
2010-06-29 12:38 . 2007-10-23 13:22 3350528 ---ha-w- c:\documents and settings\debbie\Application Data\U3\temp\Launchpad Removal.exe
2010-06-29 12:38 . 2010-07-21 14:43 -------- d-----w- c:\documents and settings\debbie\Application Data\U3
2010-06-29 12:26 . 2010-06-29 12:26 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-06-29 12:26 . 2006-07-07 16:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2010-06-29 12:26 . 2008-01-25 16:48 102400 ------w- c:\windows\system32\BrMfNt.dll
2010-06-29 12:26 . 2002-11-26 17:43 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2010-06-29 12:26 . 2008-01-25 19:21 167936 ------w- c:\windows\system32\NSSearch.dll
2010-06-29 12:26 . 2010-06-29 12:29 -------- d-----w- c:\program files\Brother
2010-06-29 12:24 . 2010-06-29 12:24 10134 ----a-r- c:\documents and settings\debbie\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2010-06-29 12:24 . 2010-06-29 12:24 -------- d-----w- c:\program files\Nuance
2010-06-29 12:24 . 2010-06-29 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-06-29 12:23 . 2010-06-29 12:23 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-29 12:23 . 2010-06-29 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-06-29 12:23 . 2010-06-29 12:23 -------- d-----w- c:\program files\ScanSoft
2010-06-29 12:23 . 2010-06-29 12:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-29 12:23 . 2010-06-29 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-06-29 12:06 . 2010-06-29 12:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-29 12:06 . 2010-06-29 12:06 -------- d-sh--w- c:\documents and settings\debbie\PrivacIE
2010-06-29 12:05 . 2010-06-29 12:05 -------- d-sh--w- c:\documents and settings\debbie\IETldCache
2010-06-29 12:01 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-29 12:01 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-29 12:01 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-29 12:01 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-29 12:01 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-29 12:01 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-29 12:01 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-29 12:00 . 2010-07-01 13:53 -------- d-----w- c:\windows\ie8updates
2010-06-29 12:00 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-29 11:58 . 2010-06-29 12:00 -------- dc-h--w- c:\windows\ie8
2010-06-28 15:28 . 2010-06-28 15:28 -------- d-sh--w- c:\documents and settings\Scott\UserData
2010-06-28 15:24 . 2010-06-28 15:24 -------- d-----w- c:\documents and settings\debbie\Application Data\LEGO Company
2010-06-28 15:24 . 2010-06-28 15:24 -------- d-----w- c:\program files\LEGO Company
2010-06-28 13:47 . 2010-06-28 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-28 12:25 . 2010-07-21 00:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-06-28 11:41 . 2010-07-17 21:09 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-06-28 11:38 . 2010-06-28 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-28 11:35 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-28 11:35 . 2010-02-17 20:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-28 11:35 . 2010-02-17 20:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-28 11:35 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-28 11:35 . 2010-06-28 11:35 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-28 11:35 . 2010-06-28 11:35 -------- d-----w- c:\program files\McAfee.com
2010-06-28 11:35 . 2010-07-22 15:12 -------- d-----w- c:\program files\McAfee
2010-06-28 11:34 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-28 11:34 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-28 11:33 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-28 11:33 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-28 11:33 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-28 11:33 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-28 11:32 . 2010-02-17 15:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-06-28 11:32 . 2010-02-17 20:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-06-28 11:15 . 2010-06-28 11:15 -------- d-----w- c:\windows\ServicePackFiles
2010-06-28 11:13 . 2010-07-19 19:46 44992 ----a-w- c:\documents and settings\debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 02:11 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-06-28 01:49 . 2010-06-28 01:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 00:21 . 2010-06-28 01:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-28 00:21 . 2010-06-28 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-28 00:12 . 2010-06-28 01:49 -------- d-----w- c:\program files\Intel
2010-06-28 00:12 . 2007-04-14 00:33 254872 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2010-06-28 00:12 . 2007-04-12 22:47 154496 ----a-w- c:\windows\system32\Prounstl.exe
2010-06-28 00:12 . 2007-01-30 01:36 62840 ----a-w- c:\windows\system32\NicInstE.dll
2010-06-28 00:12 . 2007-01-18 03:02 28536 ----a-w- c:\windows\system32\NicCo.dll
2010-06-28 00:12 . 2007-01-18 03:02 66424 ----a-w- c:\windows\system32\NicEtCoE.dll
2010-06-28 00:12 . 2007-01-18 02:59 179048 ----a-w- c:\windows\system32\e1000msg.dll
2010-06-28 00:10 . 2007-04-16 23:50 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-06-28 00:05 . 2010-06-28 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-28 00:02 . 2010-07-08 00:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-28 00:02 . 2010-07-08 00:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 00:02 . 2010-06-28 00:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-28 00:02 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-28 00:01 . 2010-06-28 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-28 00:01 . 2010-06-28 00:02 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 12:56 . 2010-06-27 23:48 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-29 15:37 . 2010-06-29 15:35 -------- d-----w- c:\program files\iTunes
2010-06-29 15:37 . 2010-06-29 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 15:35 . 2010-06-29 15:35 -------- d-----w- c:\program files\iPod
2010-06-29 15:35 . 2010-06-29 15:33 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 15:35 . 2010-06-29 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-29 15:35 . 2010-06-29 15:34 -------- d-----w- c:\program files\QuickTime
2010-06-29 15:34 . 2010-06-29 15:34 -------- d-----w- c:\program files\Apple Software Update
2010-06-29 15:33 . 2010-06-29 15:33 -------- d-----w- c:\program files\Bonjour
2010-06-29 15:33 . 2010-06-29 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-28 00:07 . 2010-06-28 00:07 45056 ----a-r- c:\documents and settings\debbie\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-06-28 00:07 . 2010-06-28 00:07 10134 ----a-r- c:\documents and settings\debbie\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-06-28 00:07 . 2010-06-28 00:07 -------- d-----w- c:\program files\Dell
2010-06-27 23:49 . 2010-06-27 23:49 -------- d-----w- c:\program files\microsoft frontpage
2010-06-27 23:47 . 2010-06-27 23:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:30 . 2010-06-27 23:47 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\18668\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\18668\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\18668\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\18668\AcrobatUpdater.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2004-08-04 10:00 1850880 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 162584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\debbie\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-16 23:51 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/27/2010 8:02 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/28/2010 7:37 AM 203280]
.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:06]

2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-06-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 16:22]

2010-06-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-28 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 07:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-23 07:29:40
ComboFix-quarantined-files.txt 2010-07-23 11:29

Pre-Run: 71,010,648,064 bytes free
Post-Run: 71,052,967,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D84F397A91F42E12EAFD682A54A2B4E4


07:36:44:359 3972 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
07:36:44:359 3972 ================================================================================
07:36:44:359 3972 SystemInfo:

07:36:44:359 3972 OS Version: 5.1.2600 ServicePack: 2.0
07:36:44:359 3972 Product type: Workstation
07:36:44:359 3972 ComputerName: OFFICE
07:36:44:359 3972 UserName: debbie
07:36:44:359 3972 Windows directory: C:\WINDOWS
07:36:44:359 3972 System windows directory: C:\WINDOWS
07:36:44:359 3972 Processor architecture: Intel x86
07:36:44:359 3972 Number of processors: 2
07:36:44:359 3972 Page size: 0x1000
07:36:44:359 3972 Boot type: Normal boot
07:36:44:359 3972 ================================================================================
07:36:44:640 3972 Initialize success
07:36:44:640 3972
07:36:44:640 3972 Scanning Services ...
07:36:45:062 3972 Raw services enum returned 277 services
07:36:45:078 3972
07:36:45:078 3972 Scanning Drivers ...
07:36:55:468 3972
07:36:55:468 3972 Completed
07:36:55:468 3972
07:36:55:468 3972 Results:
07:36:55:468 3972 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:36:55:468 3972 File objects infected / cured / cured on reboot: 0 / 0 / 0
07:36:55:468 3972
07:36:55:468 3972 KLMD(ARK) unloaded successfully
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it.

What does it say about your MBR?

Run the free on-line scan from Bitdefender:

Copy the next line by highlighting it and pressing Ctrl + C:

http://www.bitdefend...nline/free.html

Close all programs and browsers. Start either IE or Firefox. Then click on the area where you put in the URL and paste (Ctrl + v). The line you copied should appear. Hit Enter. Do not run other programs or tabs while the scan is running. Copy and paste the report you get into a reply.


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 4.2.2.1 in the Preferred DNS server and nothing in the Alternate DNS server boxes.

5. Click "OK"

Reboot.

This last step tells the PC to use a different DNS server instead of using your router. If it makes the redirects stop then the router is infected and will need to be reset to factory defaults. You may first want to log on to the router and copy down any wireless configuration or special configuration that is required to log onto your DSL or cable.
Log into the Router by entering its IP address into a browser. The default IP address is http://192.168.1.1. The default username is admin with a password of admin.

To reset to factory, disconnect all PCs from the network then:
http://www.trendnet....d=649&catId=481

Connect up only this PC.
Log into the Router by entering http://192.168.1.1. The default username is admin with a password of admin. Change the password immediately to something besides admin.
http://www.trendnet....d=648&catId=481
Then make any other changes that you need for wireless encryption
http://www.trendnet....d=655&catId=481
or to log into your DSL or cable.
http://www.trendnet....d=706&catId=481
(If you have a separate DSL or Cable modem then the default setup should work with no changes.) Make sure you are using encryption on the wireless links. This is very important unless you live in a rural setting. You may need to change the wireless setups on the other PCs to use the encryption.

Ron
  • 0

#10
dllemmen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,

I ran the mbr and it said:
74gb \\.\PhysicalDrive0 WindowsXP MBR code detected.

I'm getting a page not found type error when I copy and paste the Bitdefender link. I wasn't sure if I should click on it and run it from there...

Thanks again
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
MBRCheck is good.

You can just click on the Bitdefender link. What happened is that the forum software compressed it, so you have to right-click on it and copy the link or you don't get the whole thing.

Ron
  • 0

#12
dllemmen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you so much for all your help!!!!!!!!!!!

I went ahead and checked my router and WOW the settings had been totally changed, it was sending all requests to a totally different IP address, scary! I reset the router and SET A PASSWORD (you'd think an internet programmer would know better :) )

Everything is working great now. Is it worthwhile to still run Bitdefender or anything else? I've run McAfee and Malwarebytes on all computers and they came back clean.

Thank You!
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 23,136 posts
  • MVP
I'd run Bitdefender. It should not take very long and it's a lot better than McAfee.

Ron
  • 0





