Computer Running Slow & Rootkit found


  • This topic is locked

#1
Jams

Noticed computer running slow and ran MBAM, which found a rootkit. Want to make sure it is gone, as it is still running slow.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4516

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/31/2010 2:27:15 PM
mbam-log-2010-08-31 (14-27-15).txt

Scan type: Quick scan
Objects scanned: 170996
Time elapsed: 44 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ausome dylan\Local Settings\Temp\1B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 17:46:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Sandy\LOCALS~1\Temp\fgriruob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAE27D78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAE27D821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAE27D738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAE27D74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAE27D835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAE27D861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAE27D8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAE27D8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAE27D7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAE27D8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAE27D80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAE27D710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAE27D724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAE27D79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAE27D937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAE27D8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAE27D88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAE27D84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAE27D923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAE27D90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAE27D776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAE27D762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAE27D877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAE27D7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAE27D8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAE27D7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAE27D7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP AE27D7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D48 5 Bytes JMP AE27D811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F9 7 Bytes JMP AE27D891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP AE27D78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP AE27D766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80570833 5 Bytes JMP AE27D825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570C4A 7 Bytes JMP AE27D93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 7 Bytes JMP AE27D8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP AE27D714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP AE27D7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572A6E 7 Bytes JMP AE27D87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP AE27D7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP AE27D7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP AE27D750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP AE27D7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80589A67 7 Bytes JMP AE27D8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP AE27D728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058EA94 5 Bytes JMP AE27D8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D64 7 Bytes JMP AE27D865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80595316 7 Bytes JMP AE27D839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP AE27D73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP AE27D77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DD32 7 Bytes JMP AE27D8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E66B 7 Bytes JMP AE27D8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064EAEA 7 Bytes JMP AE27D84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EFDD 5 Bytes JMP AE27D913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F446 5 Bytes JMP AE27D927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xBA4C8E00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xBA4B2F00]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F83
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FC0
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0051
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F55
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F66
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F30
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB00C9
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0F1F
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0062
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB009D
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0040
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0025
.text C:\WINDOWS\System32\svchost.exe[156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00B8
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FC0
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F6F
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FDB
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660011
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660F94
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00660FAF
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [86, 88]
.text C:\WINDOWS\System32\svchost.exe[156] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0066002C
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650F86
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!system 77C293C7 5 Bytes JMP 0065001B
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FC6
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FAB
.text C:\WINDOWS\System32\svchost.exe[156] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650000
.text C:\WINDOWS\System32\svchost.exe[156] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00630FEF
.text C:\WINDOWS\System32\svchost.exe[156] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0063000A
.text C:\WINDOWS\System32\svchost.exe[156] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630FCA
.text C:\WINDOWS\System32\svchost.exe[156] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0063001B
.text C:\WINDOWS\System32\svchost.exe[156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00720FE5
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00720F48
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00720F59
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0072003D
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0072002C
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00720F2B
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00720073
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00720EF8
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00720F09
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00720EE7
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00720FD4
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00720058
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00720F9E
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00720FB9
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00720F1A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0071003D
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00710FC0
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0071002C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00710011
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00710073
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00710062
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00710FD1
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0070003A
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00700FB9
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00700018
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00700029
.text C:\WINDOWS\system32\services.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00700FDE
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010A0FEF
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010A005B
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010A0F70
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010A004A
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010A0F8D
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010A0025
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010A0F1F
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010A0F3A
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010A0EF3
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010A0F0E
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010A0ED8
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010A0FA8
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010A0FD4
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010A0F55
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 010A0014
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010A0FB9
.text C:\WINDOWS\system32\lsass.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010A008C
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01090FC0
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01090F72
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01090011
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01090000
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01090F83
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01090FE5
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01090F94
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [29, 89]
.text C:\WINDOWS\system32\lsass.exe[856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01090FA5
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0049
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF002E
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF000C
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF001D
.text C:\WINDOWS\system32\lsass.exe[856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\lsass.exe[856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0093
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0FAF
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA006C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA00C9
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA00B8
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA011A
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA00F5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA0F66
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0051
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F8D
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA00E4
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B60025
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B6005B
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B60FDE
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B60F9E
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B6004A
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B60FB9
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50FB7
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50FC8
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B50FD9
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B50038
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B50F77
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50F92
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B5006C
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50051
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50FB9
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50F2E
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50F4B
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50EEE
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50087
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50EDD
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50040
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50F5C
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B50F09
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B40FB9
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B4005E
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B40000
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B40F97
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B40FA8
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D4, 88] {AAM 0x88}
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B4002F
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B30044
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B30033
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B30FCD
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B30018
.text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B30FDE
.text C:\WINDOWS\system32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B90000
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B90080
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B90F8B
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B90F9C
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B9005B
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B90FC3
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B90F42
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B90F53
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B900A5
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B90F16
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B90EE7
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B9004A
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B9001B
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B90F70
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B90FDE
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B90FEF
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B90F31
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02AC0011
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02AC0F94
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02AC0000
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02AC0FCA
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02AC0047
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02AC0FE5
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02AC0FA5
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 8A]
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02AC002C
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02AB006D
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 02AB005C
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02AB003A
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02AB000C
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02AB004B
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02AB0029
.text C:\WINDOWS\System32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02AA0FEF
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02A90FEF
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02A90FDE
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02A90FCD
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02A9001E
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F96
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065008B
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065007A
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650069
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500D4
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500B7
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0065010A
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650F71
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650F56
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650058
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006500A6
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0065003D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500EF
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F83
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640040
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FA8
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FBE
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630053
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063002E
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630000
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078007F
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0078006E
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F94
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780051
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780FB9
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007800B5
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780F63
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800D7
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007800C6
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800E8
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780036
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780FE5
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780090
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780025
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FD4
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780F52
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770FCA
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0077005B
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0077001B
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0077004A
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00770F9E
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [97, 88]
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FAF
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760FA8
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760033
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760FD4
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760FC3
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0076000C
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0159000A
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01590F75
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0159006A
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01590F86
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01590F97
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01590FB2
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 015900AC
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01590F5A
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01590F2E
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01590F49
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01590F13
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01590039
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01590FEF
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01590085
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01590FC3
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01590FD4
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 015900C7
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AE004A
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AE0FB2
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AE002F
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AE006F
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AE0FCD
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CE, 88]
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AE0FDE
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD002C
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0FAB
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD0000
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD001B
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD0FC6
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AB0000
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AB001B
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AB0FCA
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0139000A
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0139006E
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01390F79
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01390F8A
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01390047
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01390036
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01390F54
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013900A6
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013900D2
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013900C1
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013900E3
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01390FA5
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01390FE5
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01390089
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0139001B
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01390FCA
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01390F43
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01260025
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01260058
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01260FD4
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0126000A
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01260047
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01260FEF
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01260036
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01260FAF
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F3002C
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F30FAB
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F30FCD
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F30FBC
.text C:\WINDOWS\Explorer.EXE[1952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F30FDE
.text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F1000A
.text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F1001B
.text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F10036
.text C:\WINDOWS\Explorer.EXE[1952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F84
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F95
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1006F
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10039
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100C5
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F73
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10102
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100E7
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F58
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C1004A
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10014
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1009E
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\System32\svchost.exe[2128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100D6
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C0001B
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00051
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00000
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00F94
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00FAF
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\System32\svchost.exe[2128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C0002C
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF003D
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF002C
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0000
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0011
.text C:\WINDOWS\System32\svchost.exe[2128] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FD2
.text C:\Program Files\Mozilla Firefox\firefox.exe[2744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40076
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40051
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40F83
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40F94
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40FC0
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F4B
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40093
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F04
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F1F
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40EF3
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40FAF
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4000A
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40F66
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F4002C
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F4001B
.text C:\WINDOWS\System32\svchost.exe[3320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F3A
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F3002F
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30F68
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30014
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30F8D
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F30F9E
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [13, 89]
.text C:\WINDOWS\System32\svchost.exe[3320] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0F95
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FA6
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0FD2
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0FB7
.text C:\WINDOWS\System32\svchost.exe[3320] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[3320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/31/2010 5:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 574 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 5.16 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDYMOBILE
Current User Name: Sandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sandy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sandy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ELNKService) -- File not found
SRV - (ElnkFWPPService) -- File not found
SRV - (ADSService) -- File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (dsiarhwprog) -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys (Thesycon GmbH, Germany)
DRV - (ActionReplayDS) -- C:\WINDOWS\system32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (ADSFilter) ADSFilter - (Aluria Filter Driver) -- C:\WINDOWS\system32\drivers\ADSFilter.sys (Aluria Software, LLC)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (BW2NDIS5) -- C:\WINDOWS\system32\drivers\BW2NDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (atiide) -- C:\WINDOWS\system32\DRIVERS\atiide.sys (ATI Technologies Inc.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tiumfwl) -- C:\WINDOWS\system32\drivers\tiumfwl.sys (Texas Instruments Inc.)
DRV - (DevUpper) -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys (Texas Instruments Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (CE3) -- C:\WINDOWS\system32\drivers\CE3N5.SYS (Xircom, Inc.)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\system32\drivers\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.3
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/07 12:36:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 18:23:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/02 21:38:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/12 18:37:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/09 21:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Extensions
[2010/03/09 21:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/31 16:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\extensions
[2010/03/21 17:52:43 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/31 12:50:10 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/29 22:11:30 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/08/31 12:50:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/31 15:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2009/11/01 16:30:41 | 000,348,185 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 11963 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {107FDD4E-1C18-459D-ACEB-52FD1187B3FD} - No CLSID value found.
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - No CLSID value found.
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} Reg Error: Value error. (MSSecurityAdvisor Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bw+0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {49efb962-452d-4951-a33c-1666630d6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {49EFB962-452D-4951-A33C-1666630D6883} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\Shell\Auto\command - "" = F:\Windows.scr -- File not found
O33 - MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\Shell\Auto\command - "" = E:\Windows.scr -- File not found
O33 - MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\Alwil Software\Avast4\aswBoot.exe /A:"*" /L:"English") - C:\PROGRA~1\Alwil Software\Avast4\aswBoot.exe File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: MIDI2 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.DLL (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\IYVU9_32.DLL ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/31 16:48:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2010/08/31 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/31 16:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\spyware stuff
[2010/08/31 16:00:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandy\Recent
[2010/08/31 15:57:15 | 003,427,712 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sandy\Desktop\ccsetup235.exe
[2010/08/31 14:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/20 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/11 11:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Music Oasis
[2010/08/11 11:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2010/08/11 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/08/11 11:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2010/08/11 11:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/08/11 11:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 2
[2010/07/19 10:02:55 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/07/19 10:02:55 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/07/19 10:02:54 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/07/19 10:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/19 10:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/06/06 16:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2004/06/10 22:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 90 Days ==========

[2010/08/31 16:48:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2010/08/31 16:31:52 | 000,009,381 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/31 16:30:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/31 16:29:36 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\BearShareNAG.job
[2010/08/31 16:29:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 16:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 16:17:11 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\gmer.exe
[2010/08/31 16:14:03 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\NTREGOPT.lnk
[2010/08/31 16:14:03 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\ERUNT.lnk
[2010/08/31 16:05:54 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Sandy\ntuser.dat
[2010/08/31 16:05:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sandy\ntuser.ini
[2010/08/31 15:58:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\CCleaner.lnk
[2010/08/31 15:57:15 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy\Desktop\ccsetup235.exe
[2010/08/31 12:51:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDB393D3-C0CE-4708-BCB5-9E86989CDF28}.job
[2010/08/28 13:55:04 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Resume-sandy Hill 2.doc
[2010/08/12 12:08:55 | 000,415,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 11:55:51 | 000,501,514 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 11:55:51 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 11:55:51 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 11:47:43 | 000,000,502 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/08/01 01:01:55 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/19 10:02:57 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/06/09 22:29:40 | 000,001,074 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 17:12:52 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 16:24:58 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/06/06 16:10:47 | 000,000,604 | ---- | M] () -- C:\WINDOWS\Vtw.INI
[2010/06/04 00:17:58 | 004,845,548 | -H-- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2010/08/31 16:17:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\gmer.exe
[2010/08/31 16:14:03 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\NTREGOPT.lnk
[2010/08/31 16:14:03 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\ERUNT.lnk
[2010/08/31 15:58:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\CCleaner.lnk
[2010/08/28 13:53:28 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Resume-sandy Hill 2.doc
[2010/08/11 11:39:22 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\BearShareNAG.job
[2010/07/19 10:02:57 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/05/01 23:22:19 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/21 17:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/10/17 15:45:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/10/17 15:33:13 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/10/17 15:33:13 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/10/17 15:33:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/10/17 15:33:13 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/08/13 15:40:29 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/07 14:41:59 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/08/07 14:41:59 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/08/07 14:40:26 | 000,000,689 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/08/05 11:19:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\fusioncache.dat
[2008/07/26 23:44:15 | 000,000,467 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/07 16:07:56 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2006/10/15 13:13:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/06/16 18:31:40 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2006/06/01 17:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/14 23:41:06 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/04 22:16:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2006/03/04 22:15:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2006/01/10 20:12:46 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/12/02 15:53:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcicnv4.dll
[2005/11/06 09:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/01 14:42:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/21 13:41:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2004/12/25 15:48:38 | 000,007,988 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/09/20 17:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/05 10:49:21 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2004/09/02 20:16:23 | 000,000,571 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/06/29 19:43:00 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/06/22 21:54:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2004/06/22 21:53:36 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/10 19:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/05/29 13:50:51 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/05/29 13:50:50 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/05/29 13:50:25 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/04/10 13:32:52 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/04/10 13:32:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/29 21:59:22 | 000,000,502 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/03/27 22:04:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2004/03/27 21:27:06 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2004/03/15 20:56:16 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/03/15 20:56:15 | 000,001,192 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/03/14 15:39:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TaskPanl.INI
[2004/03/13 21:16:43 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AUTHMGR.INI
[2004/03/13 11:29:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/03/13 11:29:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/03/13 11:29:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/03/13 11:29:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/03/13 11:29:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/03/13 11:29:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/27 15:06:03 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\GeoCtl.dll
[2003/11/05 17:08:01 | 000,002,196 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/11/05 17:03:46 | 000,001,190 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/11/05 17:01:07 | 000,000,479 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/11/05 16:54:30 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/05 16:53:49 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/05 16:36:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/05 16:35:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/09/23 02:25:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/07/16 08:21:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/14 16:12:10 | 000,000,304 | ---- | C] () -- C:\WINDOWS\dev.ini
[2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/02/06 23:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2007/10/20 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/06/25 23:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriveHQ
[2010/01/28 23:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/18 12:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/02 20:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/10/19 22:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2003/11/05 16:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2004/03/24 20:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/08/31 16:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/12/04 20:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/12/16 17:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2009/08/19 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/02/06 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\AT&T
[2007/10/20 12:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\AVG7
[2007/02/08 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\BitTorrent
[2008/08/25 14:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Bullzip
[2008/06/23 23:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\DriveHQ
[2004/03/29 14:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Earthlink
[2009/04/23 22:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\GlarySoft
[2004/05/17 22:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\InterVideo
[2004/04/18 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Kontiki
[2004/04/19 23:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Leadertech
[2008/02/16 16:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\MusicIP
[2009/09/20 23:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\My Games
[2006/01/10 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Nikon
[2009/12/16 17:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Printer Info Cache
[2006/10/05 23:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\ScamBlocker
[2006/12/07 23:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Snapfish
[2010/06/06 16:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Sony Online Entertainment
[2010/03/09 21:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Thunderbird
[2009/02/16 17:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Unity
[2009/12/17 14:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\W Photo Studio
[2009/12/16 12:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\W Photo Studio Viewer
[2009/12/16 17:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Wal-Mart
[2009/12/16 17:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Wal-Mart Digital Photo Manager
[2009/12/16 12:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Wal-Mart Digital Photo Viewer
[2009/12/16 13:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Walgreens
[2010/08/31 16:29:36 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\BearShareNAG.job
[2009/03/25 22:52:11 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/08/01 01:01:55 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/08/31 12:51:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDB393D3-C0CE-4708-BCB5-9E86989CDF28}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/11/03 19:57:25 | 000,004,178 | ---- | M] () -- C:\A2Debug.txt
[2005/12/29 22:55:35 | 000,000,000 | ---- | M] () -- C:\ADSClient.txt
[2005/12/29 22:52:57 | 000,000,000 | ---- | M] () -- C:\ADSServer.txt
[2007/04/13 22:51:55 | 000,090,073 | ---- | M] () -- C:\ADSService.txt
[2007/04/13 22:05:09 | 008,691,712 | ---- | M] () -- C:\AluriaCacheFile.dat
[2005/01/22 15:56:54 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2005/07/25 19:45:57 | 000,000,167 | ---- | M] () -- C:\bcmwl5.log
[2004/08/24 20:34:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/26 21:29:10 | 000,000,100 | ---- | M] () -- C:\dlci.log
[2005/07/24 19:28:59 | 000,000,004 | -HS- | M] () -- C:\dllimp_regmsft985
[2010/07/19 11:00:34 | 000,009,104 | ---- | M] () -- C:\drwtsn32.log
[2008/12/19 14:56:06 | 000,045,056 | ---- | M] () -- C:\dues-report.doc
[2007/04/13 22:22:40 | 000,046,709 | ---- | M] () -- C:\elnkserv.log
[2004/11/03 20:03:43 | 000,001,299 | ---- | M] () -- C:\hdd.log
[2008/09/19 14:25:40 | 000,028,559 | ---- | M] () -- C:\interior-castle view.jpg
[2004/03/14 12:21:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/17 21:29:08 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/06/03 20:03:33 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/12/03 17:39:08 | 000,031,744 | ---- | M] () -- C:\membershiproster.xls
[2004/03/14 12:21:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/24 20:23:47 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2008/09/18 17:41:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 16:29:21 | 601,882,624 | -HS- | M] () -- C:\pagefile.sys
[2004/11/16 16:12:31 | 000,000,074 | ---- | M] () -- C:\URL.txt
[2008/06/25 23:49:39 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/07/16 08:09:08 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/09 00:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/05/13 12:40:56 | 000,051,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034.DLL
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2010/01/28 22:18:54 | 000,001,026 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\helpme_att.lnk

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/05/07 16:07:56 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/07/16 00:59:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/07/16 00:59:20 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/07/16 00:59:20 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/18 17:53:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/08/24 20:45:29 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Sandy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/03/29 14:01:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sandy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/31 15:57:15 | 003,427,712 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sandy\Desktop\ccsetup235.exe
[2010/08/31 16:17:11 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\gmer.exe
[2010/08/31 16:48:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/03/29 14:01:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sandy\Favorites\Desktop.ini
[2010/01/28 22:18:54 | 000,001,026 | -H-- | M] () -- C:\Documents and Settings\Sandy\Favorites\helpme_att.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/02/06 15:43:31 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Sandy\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 17:01:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

OTL Extras logfile created on: 8/31/2010 5:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 574 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 5.16 Gb Free Space | 13.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDYMOBILE
Current User Name: Sandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl -- File not found
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Disabled:Rio Music Manager -- File not found
"C:\Program Files\EA SPORTS\Madden NFL 2003\mainapp.exe" = C:\Program Files\EA SPORTS\Madden NFL 2003\mainapp.exe:*:Disabled:mainapp -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- File not found
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{07B1BDFB-2596-426B-89E9-E82BF8D3BBED}" = EarthLink Common Authentication
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1D601240-1E3C-11DE-8C30-0800200C9A66}" = Walmart Photo Manager
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}" = hpp2800usg
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2F72E05E-2371-4C05-9091-B643A9456267}" = EarthLink Setup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{62F02B00-7AF5-44D2-9940-788496C853C8}_is1" = Sid Meier's Civilization 4 Complete
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7797C70B-11EB-446A-9B1E-3D9039DB581F}" = TotalAccess Core Applications
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7C2F22D6-547A-4452-AEE3-65344A271844}" = MusicIP MyDJ Plug-in
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI 1620
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
"{DA3E7DD3-8545-43D7-AAEA-AEB291983A33}" = Rugrats™ Munchin Land
"{DBDB8C5A-E0B9-4C10-A649-59D962E3A07F}" = EarthLink Webspace
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Self Support Tool
"BFGC" = Big Fish Games Client
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"FreeZip" = FreeZip
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"MusicIP Mixer_is1" = MusicIP Mixer 1.8.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1" = AT&T Internet Security Wizard 1.5.11
"Registry Mechanic_is1" = Registry Mechanic 9.0
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"UnityWebPlayer" = Unity Web Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZipForm Desktop" = ZipForm Desktop

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Sandy
"10d2f181c2b3d79a" = GamersGate Downloader

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2010 8:47:10 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:17 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/27/2010 8:47:22 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:22 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:23 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:24 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:24 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:25 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:25 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/27/2010 8:47:39 PM | Computer Name = SANDYMOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 8/31/2010 5:02:47 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/31/2010 5:08:59 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The ADSService service failed to start due to the following error:
%%3

Error - 8/31/2010 5:08:59 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The EarthLink Protection Control Center Service service failed to
start due to the following error: %%3

Error - 8/31/2010 5:08:59 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The HP Pci Information service failed to start due to the following
error: %%2

Error - 8/31/2010 5:10:39 PM | Computer Name = SANDYMOBILE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.101,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 8/31/2010 5:30:37 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The ADSService service failed to start due to the following error:
%%3

Error - 8/31/2010 5:30:37 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The EarthLink Protection Control Center Service service failed to
start due to the following error: %%3

Error - 8/31/2010 5:30:37 PM | Computer Name = SANDYMOBILE | Source = Service Control Manager | ID = 7000
Description = The HP Pci Information service failed to start due to the following
error: %%2

Error - 8/31/2010 5:31:07 PM | Computer Name = SANDYMOBILE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.2.101,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 8/31/2010 5:31:24 PM | Computer Name = SANDYMOBILE | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 adfaeb24, parameter2 00000001, parameter3
adfdafa6, parameter4 00000000.


< End of report >


Thanks for your help!

#2
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - (ELNKService) -- File not found
    SRV - (ElnkFWPPService) -- File not found
    SRV - (ADSService) -- File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>;*.local
    O2 - BHO: (no name) - {107FDD4E-1C18-459D-ACEB-52FD1187B3FD} - No CLSID value found.
    O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - No CLSID value found.
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} Reg Error: Value error. (Reg Error: Key error.)
    O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\Shell\Auto\command - "" = F:\Windows.scr -- File not found
    O33 - MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\Shell\Auto\command - "" = E:\Windows.scr -- File not found
    O33 - MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\Shell\AutoRun - "" = Auto&Play
    [2010/08/11 11:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2010/08/11 11:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
    [2010/08/11 11:39:22 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\BearShareNAG.job
    [2010/06/03 20:03:33 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#3
Jams

Jams

    Member

  • Member
  • PipPip
  • 47 posts
Oooohhh!

We got a sneaky one here. Was able to run OTL, but when I try to download ComboFix it comes up with an error.

Tried to download to a flash drive and move over to the infected computer, but when I do and open it up ComboFix gets deleted. Tried changing name and it still deletes it.

Here is OTL file.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service ELNKService stopped successfully!
Service ELNKService deleted successfully!
File File not found not found.
Service ElnkFWPPService stopped successfully!
Service ElnkFWPPService deleted successfully!
File File not found not found.
Service ADSService stopped successfully!
Service ADSService deleted successfully!
File File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{107FDD4E-1C18-459D-ACEB-52FD1187B3FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107FDD4E-1C18-459D-ACEB-52FD1187B3FD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B5F2E08-6F39-479a-B547-B2026E4C7EDF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B5F2E08-6F39-479a-B547-B2026E4C7EDF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7F30B62-8269-41AF-9539-B2697FA7D77E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F30B62-8269-41AF-9539-B2697FA7D77E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Starting removal of ActiveX control {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\ not found.
Starting removal of ActiveX control {6A060448-60F9-11D5-A6CD-0002B31F7455}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Starting removal of ActiveX control {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {F5C90925-ABBF-4475-88F5-8622B452BA9E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5C90925-ABBF-4475-88F5-8622B452BA9E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5C90925-ABBF-4475-88F5-8622B452BA9E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5C90925-ABBF-4475-88F5-8622B452BA9E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5C90925-ABBF-4475-88F5-8622B452BA9E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5C90925-ABBF-4475-88F5-8622B452BA9E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b16c56e-cfc1-11dd-bfbc-00904b4cea6a}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\ not found.
File F:\Windows.scr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8854b0b8-575b-11dd-bde8-00023f6b3bf9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\ not found.
File E:\Windows.scr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8854b0b9-575b-11dd-bde8-00023f6b3bf9}\ not found.
C:\Program Files\Free Offers from Freeze.com folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF\content folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF\components folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF folder moved successfully.
C:\Program Files\PriceGong\2.1.0 folder moved successfully.
C:\Program Files\PriceGong folder moved successfully.
C:\WINDOWS\tasks\BearShareNAG.job moved successfully.
C:\mbam-error.txt moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sandy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sandy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: adam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ausome dylan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4054385 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Sandy
->Temp folder emptied: 1640968 bytes
->Temporary Internet Files folder emptied: 5757633 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35017551 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 564 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37528 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: adam
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: ausome dylan
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

User: Sandy
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08312010_211441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

So any suggestions on how to get Combo Fix on?

#4
Jams

Jams

    Member

  • Member
  • PipPip
  • 47 posts
Ok was able to get ComboFix on Computer.

Here is log:

ComboFix 10-08-31.01 - Sandy 08/31/2010 21:52:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.735 [GMT -5:00]
Running from: c:\documents and settings\Sandy\Desktop\ComboFix.exe
AV: Authentium Antivirus *On-access scanning enabled* (Updated) {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Authentium Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ausome dylan\Application Data\PriceGong
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\1.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\a.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\b.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\c.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\d.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\e.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\f.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\g.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\h.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\i.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\J.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\k.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\l.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\m.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\n.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\o.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\p.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\q.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\r.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\s.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\t.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\u.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\v.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\w.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\x.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\y.xml
c:\documents and settings\ausome dylan\Application Data\PriceGong\Data\z.xml
c:\windows\box boat blue.ico
c:\windows\patch.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_I386SI


((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-09-01 02:14 . 2010-09-01 02:14 -------- d-----w- C:\_OTL
2010-08-31 21:13 . 2010-08-31 21:14 -------- d-----w- c:\program files\ERUNT
2010-08-31 19:56 . 2010-08-31 20:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-21 02:22 . 2010-08-21 02:22 -------- d-----w- c:\program files\MSXML 4.0
2010-08-13 23:19 . 2010-08-13 23:19 -------- d-----w- c:\documents and settings\adam\Application Data\AdobeUM
2010-08-13 23:18 . 2010-08-13 23:19 -------- d-----w- c:\documents and settings\adam\Local Settings\Application Data\Adobe
2010-08-11 16:48 . 2010-08-21 16:29 -------- d-----w- c:\documents and settings\ausome dylan\Local Settings\Application Data\WeatherBug
2010-08-11 16:48 . 2010-08-11 16:48 -------- d-----w- c:\program files\Music Oasis
2010-08-11 16:48 . 2010-08-11 16:48 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\WeatherBug
2010-08-11 16:47 . 2010-08-11 16:47 -------- d-----w- c:\program files\AWS
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035
2010-08-11 16:46 . 2010-08-31 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\Yahoo!
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\program files\Shop to Win 2
2010-08-11 16:28 . 2010-08-11 16:32 -------- d-----w- c:\documents and settings\ausome dylan\Local Settings\Application Data\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}
2010-08-11 16:26 . 2010-08-11 16:26 -------- d-----w- c:\documents and settings\ausome dylan\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 03:07 . 2009-04-28 02:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-31 20:58 . 2008-06-26 04:35 -------- d-----w- c:\program files\CCleaner
2010-08-30 20:42 . 2010-03-10 02:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-11 20:24 . 2010-03-24 22:59 109656 -c--a-w- c:\documents and settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-11 16:48 . 2010-08-11 16:48 16958 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{c6c214df-2922-4809-94aa-f4d67d4451ec}\APPDIR_player.exe
2010-08-11 16:48 . 2010-08-11 16:48 14534 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{c6c214df-2922-4809-94aa-f4d67d4451ec}\SystemFolder_msiexec.exe
2010-08-11 16:48 . 2010-08-11 16:48 18944 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-08-11 16:48 . 2010-08-11 16:48 11264 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-08-11 16:47 . 2005-11-06 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-08-11 16:47 . 2005-06-07 02:00 -------- d-----w- c:\program files\Yahoo!
2010-08-11 16:46 . 2010-08-11 16:46 47275 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\Uninst.exe
2010-08-11 16:46 . 2010-08-11 16:46 646144 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\ShoppingBHO.dll
2010-08-07 01:19 . 2010-07-08 20:51 19750744 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\WizardGraphicalClient.exe
2010-08-07 01:19 . 2010-07-08 20:50 135168 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\StringTableEditorMFC.dll
2010-08-07 01:19 . 2010-07-08 20:50 73728 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\PatchClientUIRsrc-En.dll
2010-08-07 01:19 . 2010-07-08 20:50 49152 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Shockalock.dll
2010-08-07 01:19 . 2010-07-08 20:50 40960 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_PotionMotion.dll
2010-08-07 01:19 . 2010-07-08 20:50 53248 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_HotShots.dll
2010-08-07 01:19 . 2010-07-08 20:50 94208 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Dueling_Diego.dll
2010-08-07 01:19 . 2010-07-08 20:50 24576 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Concentration.dll
2010-08-07 01:19 . 2010-07-08 20:50 49152 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_ChooChooZoo.dll
2010-08-07 01:19 . 2010-07-08 20:50 39424 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\ConfiguratorResEnglish.dll
2010-08-07 01:19 . 2010-07-08 20:49 126808 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\BugReporter.exe
2010-08-07 01:17 . 2010-07-08 20:50 1003352 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\WizardLauncher.exe
2010-08-07 01:17 . 2010-07-08 20:49 1003352 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\WizardLauncher.exe
2010-08-07 01:17 . 2010-07-08 20:50 73728 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-08-07 01:17 . 2010-07-08 20:49 73728 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-08-07 01:17 . 2010-07-08 20:50 39424 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-08-07 01:17 . 2010-07-08 20:49 39424 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-08-07 01:17 . 2010-07-08 20:50 102232 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\Configurator.exe
2010-08-07 01:17 . 2010-07-08 20:49 102232 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\Configurator.exe
2010-07-23 20:21 . 2009-03-26 03:49 -------- d-----w- c:\program files\McAfee
2010-07-22 20:54 . 2007-06-25 19:52 -------- d-----w- c:\program files\Google
2010-07-19 15:02 . 2010-07-19 15:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-15 20:18 . 2009-03-26 03:53 120136 -c--a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-08 20:55 . 2010-07-08 20:55 449536 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2010-07-08 20:55 . 2010-07-08 20:55 389120 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2010-07-08 20:51 . 2010-07-08 20:51 59904 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\zlib1.dll
2010-07-08 20:51 . 2010-07-08 20:51 626688 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcr80.dll
2010-07-08 20:51 . 2010-07-08 20:51 1036288 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcp80d.dll
2010-07-08 20:51 . 2010-07-08 20:51 548864 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcp80.dll
2010-07-08 20:51 . 2010-07-08 20:51 389120 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\mss32.dll
2010-07-08 20:51 . 2010-07-08 20:51 1101824 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\mfc80.dll
2010-07-08 20:51 . 2010-07-08 20:51 1645320 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\gdiplus.dll
2010-07-08 20:51 . 2010-07-08 20:51 1045128 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\dbghelp.dll
2010-07-08 20:51 . 2010-07-08 20:51 2414360 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\d3dx9_31.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\PropertyClassSystem.dll
2010-07-08 20:50 . 2010-07-08 20:50 16384 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\WadToolNET.dll
2010-07-08 20:50 . 2010-07-08 20:50 15360 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\NIFStripper.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\KIPlatformWebService.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\KIPlatformDb.dll
2010-07-08 15:06 . 2010-07-08 20:49 59904 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\zlib1.dll
2010-07-08 15:06 . 2010-07-08 20:49 36184 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Wizard101.exe
2010-07-08 15:06 . 2010-07-08 20:50 495616 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\SkinCrafterDll.dll
2010-07-08 15:06 . 2010-07-08 20:50 207872 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\patchw32.dll
2010-07-08 15:06 . 2010-07-08 20:50 1645320 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\gdiplus.dll
2010-07-08 15:06 . 2010-07-08 20:49 495616 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\SkinCrafterDll.dll
2010-07-08 15:06 . 2010-07-08 20:49 207872 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\patchw32.dll
2010-07-08 15:06 . 2010-07-08 20:49 1645320 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\gdiplus.dll
2010-06-30 12:31 . 2003-03-31 02:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 02:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 02:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-03-31 02:00 80384 -c----w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-03-31 02:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-03-31 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 21:33 . 2009-12-18 20:19 251705 -c--a-w- c:\documents and settings\Sandy\Application Data\Sony Online Entertainment\npsoeact.dll
2008-05-07 21:07 . 2008-05-07 21:07 0 -c--a-w- c:\program files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2010-04-08 3233752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\Alwil Software\Avast4\aswBoot.exe /A:* /L:English

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2009-10-22 06:23 1577984 -c--a-w- c:\program files\ATT-SST\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-07-31 13:40 468408 -c--a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [7/25/2005 7:51 PM 5632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/25/2009 11:00 PM 93320]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [7/19/2010 10:02 AM 632792]
S2 pciinfo;HP Pci Information; [x]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2/6/2010 7:15 PM 29184]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [12/29/2005 10:52 PM 56432]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [10/20/2009 8:02 PM 29184]
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 17:22]

2010-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 17:22]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{EDB393D3-C0CE-4708-BCB5-9E86989CDF28}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://m.www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.earthlink.net/welcome/?uname=jdskhill&domain=earthlink.net&coms=PUB
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2843979871-498606065-142571270-1011\Software\SecuROM\License information*]
"datasecu"=hex:8f,9e,58,10,6b,c6,15,a0,fd,79,60,e9,2f,e4,b0,49,73,6f,9e,b1,80,
62,ea,3f,dc,de,2f,63,fd,58,cf,39,3d,7e,ea,8f,67,0b,32,60,80,79,10,68,9c,69,\
"rkeysecu"=hex:ba,f6,ec,7b,2d,e9,70,19,14,2f,e6,19,2a,ec,f5,59

[HKEY_USERS\S-1-5-21-2843979871-498606065-142571270-1013\Software\SecuROM\License information*]
"datasecu"=hex:83,3d,a9,52,8c,dd,9f,50,c5,ba,c3,49,0d,b7,3f,f2,f1,b3,92,99,3e,
04,6f,37,c7,08,d6,db,e7,33,5d,45,c8,3b,45,e7,41,09,5e,42,be,e6,d0,13,b8,b7,\
"rkeysecu"=hex:6f,70,41,83,10,1b,d3,52,4d,aa,9b,e1,31,86,aa,05
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\McAfee\VirusScan\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-08-31 22:14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 03:14

Pre-Run: 5,379,682,304 bytes free
Post-Run: 5,212,200,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A87BB8C54A5F57C3E88E462DEAABE609

Computer seems to be running better. Firefox comes up faster and I am not getting the errors I was getting before on some add-ons. Hopefully it's fixed.

Thanks!

#5
SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\documents and settings\ausome dylan\Local Settings\Application Data\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}

DirLook::
c:\documents and settings\ausome dylan\Application Data\FCSB000062035
c:\program files\Shop to Win 2

Driver::
pciinfo

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT:



Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#6
Jams

  • Member
  • 47 posts
ComboFix 10-09-01.02 - Sandy 09/01/2010 21:32:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.745 [GMT -5:00]
Running from: c:\documents and settings\Sandy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sandy\Desktop\CFScript.txt
AV: Authentium Antivirus *On-access scanning enabled* (Updated) {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Authentium Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIINFO
-------\Legacy_USNJSVC
-------\Service_pciinfo
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-01 03:55 . 2010-09-01 04:14 -------- d-----w- c:\program files\Free Window Registry Repair
2010-09-01 03:27 . 2010-09-01 03:27 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-09-01 02:14 . 2010-09-01 02:14 -------- d-----w- C:\_OTL
2010-08-31 21:13 . 2010-08-31 21:14 -------- d-----w- c:\program files\ERUNT
2010-08-31 19:56 . 2010-08-31 20:08 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-21 02:22 . 2010-08-21 02:22 -------- d-----w- c:\program files\MSXML 4.0
2010-08-13 23:19 . 2010-08-13 23:19 -------- d-----w- c:\documents and settings\adam\Application Data\AdobeUM
2010-08-13 23:18 . 2010-08-13 23:19 -------- d-----w- c:\documents and settings\adam\Local Settings\Application Data\Adobe
2010-08-11 16:48 . 2010-08-21 16:29 -------- d-----w- c:\documents and settings\ausome dylan\Local Settings\Application Data\WeatherBug
2010-08-11 16:48 . 2010-08-11 16:48 -------- d-----w- c:\program files\Music Oasis
2010-08-11 16:48 . 2010-08-11 16:48 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\WeatherBug
2010-08-11 16:47 . 2010-08-11 16:47 -------- d-----w- c:\program files\AWS
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035
2010-08-11 16:46 . 2010-08-31 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\documents and settings\ausome dylan\Application Data\Yahoo!
2010-08-11 16:46 . 2010-08-11 16:46 -------- d-----w- c:\program files\Shop to Win 2
2010-08-11 16:26 . 2010-08-11 16:26 -------- d-----w- c:\documents and settings\ausome dylan\Local Settings\Application Data\PackageAware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 03:50 . 2009-04-28 02:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-01 03:27 . 2010-09-01 03:27 3584 ----a-r- c:\documents and settings\Sandy\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-09-01 03:26 . 2010-04-13 16:09 -------- d-----w- c:\program files\MSECache
2010-09-01 03:20 . 2004-08-25 01:44 109656 -c--a-w- c:\documents and settings\Sandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-31 20:58 . 2008-06-26 04:35 -------- d-----w- c:\program files\CCleaner
2010-08-30 20:42 . 2010-03-10 02:25 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-11 20:24 . 2010-03-24 22:59 109656 -c--a-w- c:\documents and settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-11 16:48 . 2010-08-11 16:48 16958 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{c6c214df-2922-4809-94aa-f4d67d4451ec}\APPDIR_player.exe
2010-08-11 16:48 . 2010-08-11 16:48 14534 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{c6c214df-2922-4809-94aa-f4d67d4451ec}\SystemFolder_msiexec.exe
2010-08-11 16:48 . 2010-08-11 16:48 18944 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2010-08-11 16:48 . 2010-08-11 16:48 11264 ----a-r- c:\documents and settings\ausome dylan\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2010-08-11 16:47 . 2005-11-06 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-08-11 16:47 . 2005-06-07 02:00 -------- d-----w- c:\program files\Yahoo!
2010-08-11 16:46 . 2010-08-11 16:46 47275 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\Uninst.exe
2010-08-11 16:46 . 2010-08-11 16:46 646144 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\ShoppingBHO.dll
2010-08-07 01:19 . 2010-07-08 20:51 19750744 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\WizardGraphicalClient.exe
2010-08-07 01:19 . 2010-07-08 20:50 135168 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\StringTableEditorMFC.dll
2010-08-07 01:19 . 2010-07-08 20:50 73728 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\PatchClientUIRsrc-En.dll
2010-08-07 01:19 . 2010-07-08 20:50 49152 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Shockalock.dll
2010-08-07 01:19 . 2010-07-08 20:50 40960 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_PotionMotion.dll
2010-08-07 01:19 . 2010-07-08 20:50 53248 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_HotShots.dll
2010-08-07 01:19 . 2010-07-08 20:50 94208 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Dueling_Diego.dll
2010-08-07 01:19 . 2010-07-08 20:50 24576 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_Concentration.dll
2010-08-07 01:19 . 2010-07-08 20:50 49152 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\MG_ChooChooZoo.dll
2010-08-07 01:19 . 2010-07-08 20:50 39424 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\ConfiguratorResEnglish.dll
2010-08-07 01:19 . 2010-07-08 20:49 126808 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\BugReporter.exe
2010-08-07 01:17 . 2010-07-08 20:50 1003352 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\WizardLauncher.exe
2010-08-07 01:17 . 2010-07-08 20:49 1003352 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\WizardLauncher.exe
2010-08-07 01:17 . 2010-07-08 20:50 73728 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-08-07 01:17 . 2010-07-08 20:49 73728 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-08-07 01:17 . 2010-07-08 20:50 39424 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-08-07 01:17 . 2010-07-08 20:49 39424 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-08-07 01:17 . 2010-07-08 20:50 102232 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\Configurator.exe
2010-08-07 01:17 . 2010-07-08 20:49 102232 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\Configurator.exe
2010-07-23 20:21 . 2009-03-26 03:49 -------- d-----w- c:\program files\McAfee
2010-07-22 20:54 . 2007-06-25 19:52 -------- d-----w- c:\program files\Google
2010-07-15 20:18 . 2009-03-26 03:53 120136 -c--a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-08 20:55 . 2010-07-08 20:55 449536 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2010-07-08 20:55 . 2010-07-08 20:55 389120 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2010-07-08 20:51 . 2010-07-08 20:51 59904 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\zlib1.dll
2010-07-08 20:51 . 2010-07-08 20:51 626688 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcr80.dll
2010-07-08 20:51 . 2010-07-08 20:51 1036288 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcp80d.dll
2010-07-08 20:51 . 2010-07-08 20:51 548864 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\msvcp80.dll
2010-07-08 20:51 . 2010-07-08 20:51 389120 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\mss32.dll
2010-07-08 20:51 . 2010-07-08 20:51 1101824 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\mfc80.dll
2010-07-08 20:51 . 2010-07-08 20:51 1645320 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\gdiplus.dll
2010-07-08 20:51 . 2010-07-08 20:51 1045128 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\dbghelp.dll
2010-07-08 20:51 . 2010-07-08 20:51 2414360 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\d3dx9_31.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\PropertyClassSystem.dll
2010-07-08 20:50 . 2010-07-08 20:50 16384 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\WadToolNET.dll
2010-07-08 20:50 . 2010-07-08 20:50 15360 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\NIFStripper.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\KIPlatformWebService.dll
2010-07-08 20:50 . 2010-07-08 20:50 2 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Bin\KIPlatformDb.dll
2010-07-08 15:06 . 2010-07-08 20:49 59904 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\zlib1.dll
2010-07-08 15:06 . 2010-07-08 20:49 36184 -c--a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\Wizard101.exe
2010-07-08 15:06 . 2010-07-08 20:50 495616 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\SkinCrafterDll.dll
2010-07-08 15:06 . 2010-07-08 20:50 207872 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\patchw32.dll
2010-07-08 15:06 . 2010-07-08 20:50 1645320 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankB\gdiplus.dll
2010-07-08 15:06 . 2010-07-08 20:49 495616 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\SkinCrafterDll.dll
2010-07-08 15:06 . 2010-07-08 20:49 207872 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\patchw32.dll
2010-07-08 15:06 . 2010-07-08 20:49 1645320 ----a-w- c:\documents and settings\ausome dylan\Application Data\KingsIsle Entertainment\Wizard101 Test\PatchClient\BankA\gdiplus.dll
2010-06-30 12:31 . 2003-03-31 02:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 02:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 02:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-03-31 02:00 80384 -c----w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-03-31 02:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-03-31 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 21:33 . 2009-12-18 20:19 251705 -c--a-w- c:\documents and settings\Sandy\Application Data\Sony Online Entertainment\npsoeact.dll
2008-05-07 21:07 . 2008-05-07 21:07 0 -c--a-w- c:\program files\temp01
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\ausome dylan\Application Data\FCSB000062035 ----

2010-08-11 16:46 . 2010-08-11 16:46 50 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\version.txt
2010-08-11 16:46 . 2010-08-11 16:46 47275 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\Uninst.exe
2010-08-11 16:46 . 2010-08-11 16:46 646144 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\ShoppingBHO.dll
2010-08-11 16:46 . 2009-11-25 07:38 1095 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\settings.xml
2010-08-11 16:46 . 2009-11-25 07:38 713 ----a-w- c:\documents and settings\ausome dylan\Application Data\FCSB000062035\Toolbar\patch.bat

---- Directory of c:\program files\Shop to Win 2 ----

2010-08-11 16:46 . 2010-08-11 16:46 47275 ----a-w- c:\program files\Shop to Win 2\Uninst.exe
2010-08-11 16:46 . 2010-08-11 16:46 50 ----a-w- c:\program files\Shop to Win 2\version.txt
2010-08-11 16:46 . 2010-08-11 16:46 646144 ----a-w- c:\program files\Shop to Win 2\ShoppingBHO.dll
2009-11-25 07:38 . 2009-11-25 07:38 713 ----a-w- c:\program files\Shop to Win 2\patch.bat
2009-11-25 07:38 . 2009-11-25 07:38 1095 ----a-w- c:\program files\Shop to Win 2\settings.xml


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\Alwil Software\Avast4\aswBoot.exe /A:* /L:English

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2009-10-22 06:23 1577984 -c--a-w- c:\program files\ATT-SST\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-07-31 13:40 468408 -c--a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [7/25/2005 7:51 PM 5632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/25/2009 11:00 PM 93320]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2/6/2010 7:15 PM 29184]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\ADSFilter.sys [12/29/2005 10:52 PM 56432]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 2:16 PM 17536]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [10/20/2009 8:02 PM 29184]
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 17:22]

2010-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 17:22]

2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{EDB393D3-C0CE-4708-BCB5-9E86989CDF28}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://m.www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.earthlink.net/welcome/?uname=jdskhill&domain=earthlink.net&coms=PUB
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sandy\Application Data\Mozilla\Firefox\Profiles\fce3oryq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2843979871-498606065-142571270-1011\Software\SecuROM\License information*]
"datasecu"=hex:8f,9e,58,10,6b,c6,15,a0,fd,79,60,e9,2f,e4,b0,49,73,6f,9e,b1,80,
62,ea,3f,dc,de,2f,63,fd,58,cf,39,3d,7e,ea,8f,67,0b,32,60,80,79,10,68,9c,69,\
"rkeysecu"=hex:ba,f6,ec,7b,2d,e9,70,19,14,2f,e6,19,2a,ec,f5,59
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1216)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\siteadvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VirusScan\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-09-01 21:56:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 02:56
ComboFix2.txt 2010-09-01 03:14

Pre-Run: 5,249,323,008 bytes free
Post-Run: 5,192,040,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 306BB8ABA159E56B01D7FDE9B4D40E68

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4526

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/1/2010 10:13:28 PM
mbam-log-2010-09-01 (22-13-28).txt

Scan type: Quick scan
Objects scanned: 160365
Time elapsed: 12 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Sep 01 22:50:28 2010

Found and removed: C:\Program Files\Java\j2re1.4.2

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Sandy\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Sandy\Application Data\Sun\Java\jre1.6.0_14

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410200

Found and removed: SOFTWARE\Classes\JavaPlugin.142

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 2, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 01, 2010 15:43:03
Records in database: 4173897
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 123359
Threats found: 5
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 04:32:39


File name / Threat / Threats count
C:\Documents and Settings\ausome dylan\My Documents\MyFunCards.exe Infected: not-a-virus:AdWare.Win32.FunWeb.ar 1
C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Infected: Trojan-Spy.HTML.Smitfraud.c 2
C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Infected: Trojan-Spy.HTML.Smitfraud.a 2
C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Infected: Trojan-Spy.HTML.Bankfraud.dq 3
C:\Documents and Settings\Sandy\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Infected: Trojan-Spy.HTML.Bankfraud.ci 1

Selected area has been scanned.

**********************************

Still need to do Security Check, which will do later this evening when get home from work.

Thanks!

#7
SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

I'll await the SecurityCheck Log. :)

Infected Outlook
The Kaspersky log indicates that there are infected emails in the Inbox folder in Outlook.

Please delete the emails in your Inbox folder - keep only the emails that are of extreme importance. After you finish deleting the emails, please right click on the Deleted Items folder and click Empty 'Deleted Items' Folder.

Having removed all your unwanted emails completely, it is now wise to compact all your remaining emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the emails are still readable and still intact, just smaller.

To do this click from the top toolbar File / Folder / Compact All Folders

#8
Jams

    Member

  • Member
  • 47 posts
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 21
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.6) Firefox Out of Date!
Mozilla Thunderbird (3.0.6) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
McAfee VirusScan mcshield.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#9
SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

How are things running?


Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Update Firefox
You are currently using an outdated version of Firefox. The latest version of Firefox is 3.6.8.

You can get the latest version of Firefox by accessing the Help menu in Firefox and then selecting Check for Updates. Please make sure that you Check for Updates again after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:


Please update Thunderbird. You should be able to do this by going to the Help menu in Thunderbird, then clicking on the 'Check for Updates'.

#10
Jams

    Member

  • Member
  • 47 posts
Ok Done.

Think is running better.

#11
SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.


Clean-Up Time

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and for performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
  • 0
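The Internet Zone ActiveX settings from the "Make Internet Explorer more secure" steps in the post above can be verified from the registry afterwards. This is an added example, not part of SweetTech's post; it assumes the URL action IDs (1001, 1004, 1201) and values (0 = Enable, 1 = Prompt, 3 = Disable) that Microsoft documents for Internet Explorer security zones, and the function name is hypothetical.

```powershell
# Audit the Internet Zone (zone 3) ActiveX settings recommended in the post.
# Assumed from Microsoft's documentation of IE security-zone registry entries:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
#   value 0 = Enable, 1 = Prompt, 3 = Disable
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';            Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';          Want = 1 },
    @{ Id = '1201'; Name = 'Init/script ActiveX not marked as safe';      Want = 3 }
)
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: return the first value found for a URL action.
# Policy keys are checked first because they take precedence over the
# per-user values that the Internet Properties dialog writes.
function Get-ZoneAction {
    param([string]$Id)
    $suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    foreach ($root in 'HKLM:\Software\Policies', 'HKCU:\Software\Policies', 'HKCU:\Software') {
        $key  = Join-Path $root $suffix
        $item = Get-ItemProperty -Path $key -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Source = $key; Value = [int]$item.$Id }
        }
    }
    return $null
}

$results = foreach ($e in $expected) {
    $found = Get-ZoneAction -Id $e.Id
    if ($null -eq $found) {
        $actual = 'not set in the checked keys'; $source = ''; $ok = $false
    } else {
        $actual = $labels[$found.Value]
        if (-not $actual) { $actual = "raw value $($found.Value)" }
        $source = $found.Source
        $ok = ($found.Value -eq $e.Want)
    }
    New-Object PSObject -Property @{
        Setting = $e.Name; Expected = $labels[$e.Want]
        Actual  = $actual; Matches  = $ok; Source = $source
    }
}
$results | Select-Object Setting, Expected, Actual, Matches, Source | Format-Table -AutoSize
```

A row with Matches = False and a Source under Software\Policies means the setting is being enforced by policy rather than by the dialog.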

#12
Jams

    Member

  • Member
  • PipPip
  • 47 posts
Thanks!
  • 0

#13
SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
