Alureon.H; Patched-SYSFile.d, perhaps more?



#1
shelovestomuse

NOTE:

First attempt to run GMER caused everything, including GMER, to freeze. Clicking on IE icon made it disappear. Cursor arrow went vertical-double when trying to click on the Start menu in order to reboot. I had to hold the power button down in order to shut down, then power up again. The GMER log below is from the second attempt.

While posting a new topic, I minimized the IE window while compiling the Notepad collection of logs. When I tried to reopen IE, it wouldn't respond. I tried opening a new IE window, and the screen went blue with the system failure message. Only pushing/holding the power button would shut the computer off. I was able to get it to turn on again, and compiled this document.

Also, it's important to mention that I went through your prelim steps up to and including running the McAfee scan. The MBAM never had a "show results" button. However, the quarantine tab revealed an impressive, red-letter list that I promptly deleted before realizing I'd have nothing to show. After rebooting, the computer ran very well for about 36 hours. I went through all the prelim steps again, and continued through the rest as well. The logs I'm providing are for the second time around.

Other issues include being unable to shut off "automatic reboot" when hitting F8 during power-up. Previous issues included inability to use Ctrl+Alt+Del to access Task Manager. IE frequently froze, as did My Documents. I originally became aware of the possibility of Alureon.H because a Windows scan I didn't even know I had detected it, as well as Patched-SYSFile.d. It recommended running antivirus to eliminate it, but a full McAfee scan revealed nothing.

(All updates are automatic.)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4585

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/13/2010 6:41:20 PM
mbam-log-2010-09-13 (18-41-20).txt

Scan type: Quick scan
Objects scanned: 142659
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
____________________________________

ark.txt log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-13 19:05:23
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF73A5DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73A5DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73A5DF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73A5E46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF73A5D9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73A5D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73A5D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73A5DDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF73A5E1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF73A5E06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF73A5E70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF73A5E5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73A5E30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP F73A5E34 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP F73A5E4A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP F73A5E60 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C05DA 5 Bytes JMP F73A5E20 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP F73A5D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP F73A5D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP F73A5E74 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D3A 7 Bytes JMP F73A5E0A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP F73A5DDE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237C8 5 Bytes JMP F73A5DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP F73A5DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP F73A5DF4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP F73A5DA0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[340] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 027E0FEF
.text C:\WINDOWS\system32\wuauclt.exe[340] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 027E0014
.text C:\WINDOWS\system32\wuauclt.exe[340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 027E0FD4
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 027D0FE5
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 027D0F59
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 027D0F6A
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027D0044
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 027D0033
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 027D0022
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027D0075
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027D0F2D
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027D0EDC
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027D0EF7
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 027D009A
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 027D0F91
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 027D0000
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027D0F48
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 027D0011
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 027D0FCA
.text C:\WINDOWS\system32\wuauclt.exe[340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027D0F12
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 027B0040
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!system 77C293C7 5 Bytes JMP 027B0FAB
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 027B0FBC
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 027B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 027B0011
.text C:\WINDOWS\system32\wuauclt.exe[340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 027B0000
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 027C0FC3
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 027C0065
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 027C0FD4
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 027C0FEF
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 027C0FA8
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 027C0000
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 027C0040
.text C:\WINDOWS\system32\wuauclt.exe[340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 027C002F
.text C:\WINDOWS\system32\wuauclt.exe[340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 027A0000
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[516] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F5F
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F70
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0090004A
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900F8D
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900094
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900079
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009000AF
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900F16
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00900EFB
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900039
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F4E
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900F27
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0FCD
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0043
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F86
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0F97
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[516] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0F97
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0022
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FB2
.text C:\WINDOWS\system32\svchost.exe[516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[516] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[516] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[516] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0092002C
.text C:\WINDOWS\system32\svchost.exe[516] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00920FDB
.text C:\WINDOWS\system32\svchost.exe[516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01240FEF
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01240014
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01240FDE
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F72
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00067
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00056
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00039
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00F97
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F3A
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D0008C
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000DD
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000B8
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D000EE
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00028
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D00F61
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\Explorer.EXE[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D0009D
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0040
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0087
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF001B
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0062
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF0051
.text C:\WINDOWS\Explorer.EXE[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01270047
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 0127002C
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01270FC6
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01270000
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01270011
.text C:\WINDOWS\Explorer.EXE[1036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01270FD7
.text C:\WINDOWS\Explorer.EXE[1036] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01250FEF
.text C:\WINDOWS\Explorer.EXE[1036] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01250FD4
.text C:\WINDOWS\Explorer.EXE[1036] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01250FC3
.text C:\WINDOWS\Explorer.EXE[1036] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01250014
.text C:\WINDOWS\Explorer.EXE[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01260FEF
.text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0005002F
.text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0004009A
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040FAF
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040FC0
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040073
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040051
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400ED
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400D2
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040134
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040123
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040F80
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040062
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000400B5
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040036
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040108
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E90014
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90F79
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E90F94
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [09, 89]
.text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E90025
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FB7
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FC8
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0007002E
.text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D7008C
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D7007B
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70FA1
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FB2
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70054
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F70
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D700B8
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70F44
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D70F5F
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D700F8
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FC3
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FDE
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D700A7
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D7002F
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7001E
.text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D700DD
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50FAF
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50040
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FCA
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F50FDB
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F83
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F50F9E
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [15, 89]
.text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F5001B
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0033
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0FA8
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0011
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0FE3
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0022
.text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\lsass.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0F7C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0071
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0F8D
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE0F50
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE0F6B
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE00DF
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE00CE
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE00F0
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0096
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE002C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE00BD
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02470036
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02470FA5
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0247001B
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0247000A
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02470FC0
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02470FEF
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02470058
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02470047
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02460020
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!system 77C293C7 5 Bytes JMP 02460F95
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02460FB7
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02460FEF
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02460FA6
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02460FD2
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60F88
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60F99
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D6007D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D6006C
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60040
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600A4
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60F5C
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600D0
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F41
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D60F26
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D6005B
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D60F6D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D600BF
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DA0025
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DA0FA8
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DA0065
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DA0040
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DA0FB9
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90F9A
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90FAB
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90FC6
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90FE3
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[1636] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 01910000
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 01910FCA
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 01910FE5
.text C:\WINDOWS\System32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01900000
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01900082
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01900F83
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01900051
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01900F94
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01900036
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0190009D
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01900F61
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019000BF
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019000AE
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019000DA
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01900FAF
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01900FE5
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01900F72
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0190001B
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01900FCA
.text C:\WINDOWS\System32\svchost.exe[1676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01900F30
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03F70025
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03F70F9E
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03F70000
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03F70FCA
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03F70051
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03F70FE5
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03F70FAF
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [17, 8C]
.text C:\WINDOWS\System32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03F70036
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03F60F86
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!system 77C293C7 5 Bytes JMP 03F60011
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03F60000
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03F60FEF
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03F60FAB
.text C:\WINDOWS\System32\svchost.exe[1676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03F60FD2
.text C:\WINDOWS\System32\svchost.exe[1676] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01930FEF
.text C:\WINDOWS\System32\svchost.exe[1676] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01920FE5
.text C:\WINDOWS\System32\svchost.exe[1676] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01920FD4
.text C:\WINDOWS\System32\svchost.exe[1676] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01920014
.text C:\WINDOWS\System32\svchost.exe[1676] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01920FC3
.text C:\WINDOWS\system32\svchost.exe[1788] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[1788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00790FC3
.text C:\WINDOWS\system32\svchost.exe[1788] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00780F57
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F72
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780F83
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780F9E
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780036
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F29
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780071
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800B1
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F18
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00780EFD
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F46
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FDB
.text C:\WINDOWS\system32\svchost.exe[1788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00780096
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0FC3
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C004A
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C0014
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007C002F
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007C0F83
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9C, 88]
.text C:\WINDOWS\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007C0F9E
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0064
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B0053
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B001D
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B000C
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0038
.text C:\WINDOWS\system32\svchost.exe[1788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1788] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0FE5
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B70025
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60F85
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B60084
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60FAA
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60069
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B6003D
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B600C1
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B600A6
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B60F32
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B60F43
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B600E6
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B60058
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B60095
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B6002C
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B6001B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B60F5E
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CA0FA8
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CA0F4D
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CA0F68
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CA0F83
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP 50C03388
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90066
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B9004B
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90029
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B9003A
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F50
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F6B
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F7C
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F8D
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0076
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F2E
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB009B
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F02
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0EE7
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F3F
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F1D
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\svchost.exe[1920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FBC
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FCD
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD003D
.text C:\WINDOWS\system32\svchost.exe[1920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A8F0ED20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

---- EOF - GMER 1.0.15 ----
_______________________________________

OTL log

OTL logfile created on: 9/13/2010 7:22:55 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Charlotte Watson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 618.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 54.39 Gb Free Space | 73.03% Space Free | Partition Type: NTFS
Drive D: | 639.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Charlotte Watson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 19:21:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 19:21:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/04/18 20:36:34 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/04/18 20:36:34 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\[email protected] -- (Pcmcia)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 17:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/08 17:35:14 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/09/28 05:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2002/06/21 18:42:50 | 000,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{325308EF-E1A0-4A1D-9325-42F44383743C}: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C} [2010/07/21 10:07:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/19 07:21:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 13:31:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 12:05:10 | 000,000,000 | ---D | M]

[2009/09/15 19:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Extensions
[2009/09/16 06:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\extensions
[2009/09/15 19:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/19 23:57:44 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100709190227.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: avg.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: jamesavery.com ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: tamu.edu ([email] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tamu.edu ([library.tamu.edu.ezproxy] http in Trusted sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 19:21:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
[2010/09/10 12:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\My Documents\Roads
[2010/09/09 20:58:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/09 20:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/09 20:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 20:57:12 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charlotte Watson\Desktop\mbam-setup.exe
[2010/09/09 20:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/09 20:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/09 20:51:31 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Charlotte Watson\Desktop\erunt-setup.exe
[2010/09/09 20:38:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\TFC.exe
[2010/08/20 01:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/18 13:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 13:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/18 13:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/18 13:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/18 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/09 21:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Collections
[2010/08/09 15:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Application Data\Malwarebytes
[2010/08/09 15:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 15:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Application Data\Uniblue
[2010/07/30 22:01:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/29 13:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/27 09:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\yqalhabuy
[2010/07/27 09:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/23 16:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/21 21:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\My Documents\Clouds
[2010/07/21 10:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/21 10:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/21 10:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}
[2010/07/21 10:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\egnqrmhnb
[2010/07/20 13:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\twuifjwqx
[2010/07/07 11:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Desktop\Colorado Springs
[2010/07/05 14:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Desktop\Pics
[2010/06/30 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/30 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/06/30 22:26:55 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/06/30 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/06/30 22:25:02 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/06/30 22:24:55 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/06/30 22:24:55 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/06/30 22:24:55 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/06/30 22:24:55 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/06/30 22:24:55 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/06/30 22:24:55 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/06/30 22:24:55 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/06/30 22:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/06/26 11:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\My Documents\Rachel Math

========== Files - Modified Within 90 Days ==========

[2010/09/13 19:21:39 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
[2010/09/13 19:17:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 19:16:49 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/09/13 19:16:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 19:16:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 19:16:44 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 18:26:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\NTREGOPT.lnk
[2010/09/13 18:26:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\ERUNT.lnk
[2010/09/13 18:25:13 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\ntuser.dat
[2010/09/13 18:25:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Charlotte Watson\ntuser.ini
[2010/09/13 18:17:29 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Homeschool Registration Record.xls
[2010/09/13 15:29:34 | 000,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/13 15:26:37 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Microsoft Word.lnk
[2010/09/11 16:04:19 | 000,551,557 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\fierce_bryan.jpg
[2010/09/09 21:30:25 | 000,149,392 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\HillLikesWhiteElephants.pdf
[2010/09/09 20:58:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 20:57:13 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Charlotte Watson\Desktop\mbam-setup.exe
[2010/09/09 20:51:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Charlotte Watson\Desktop\erunt-setup.exe
[2010/09/09 20:38:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\TFC.exe
[2010/09/08 11:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/08 00:18:10 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 23:04:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/07 23:02:23 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/06 13:07:41 | 000,803,287 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\bithell_fall_2010.jpg
[2010/09/06 08:13:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/04 20:27:32 | 000,000,892 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/09/03 16:23:31 | 006,228,992 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\911in156dias.pps
[2010/08/31 12:49:08 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Bryan 2010-2011 Grades.xls
[2010/08/28 21:55:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ykececiluvuneb.dat
[2010/08/28 04:39:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Swexod.bin
[2010/08/25 08:27:56 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\resume.doc
[2010/08/24 19:10:56 | 000,561,831 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SergioFAFSAapplication.pdf
[2010/08/24 19:08:58 | 000,211,989 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SergioFAFSA_PINapplication_confirmation.jpg
[2010/08/23 18:21:01 | 000,044,302 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Anna Lucille Brumbaugh with mommy and daddy.jpg
[2010/08/23 18:20:54 | 000,036,443 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Anna Lucille Brumbaugh name and date2.jpg
[2010/08/23 12:05:11 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/08/21 18:39:44 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\eBay Countdown.url
[2010/08/18 17:02:06 | 000,419,972 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\toll_receipt.jpg
[2010/08/18 13:31:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/18 13:19:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/18 13:19:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/18 13:09:33 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/18 08:00:30 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/08/15 09:19:12 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\spider.sav
[2010/08/13 08:54:04 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Sheepdog.doc
[2010/08/08 22:12:43 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels2_Sergio_Copy.doc
[2010/08/08 21:47:42 | 000,383,518 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\sergio_volcano2.jpg
[2010/08/08 21:45:37 | 000,825,118 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\sergio_volcano.jpg
[2010/08/08 20:56:04 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 19:39:13 | 004,202,005 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\FileZilla_3.3.3_win32-setup.exe
[2010/08/07 19:15:02 | 002,274,010 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\ClareLot1.jpg
[2010/08/05 12:57:16 | 002,869,236 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\C&OC'10Choir&Orchestrabrochure.pdf
[2010/08/03 21:15:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels2.doc
[2010/08/03 21:04:19 | 000,012,429 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels1.docx
[2010/07/29 18:32:11 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 14:44:21 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\ABC Pest & Lawn Cancellation.doc
[2010/07/26 18:44:14 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\mvt_en-us.msi
[2010/07/25 21:23:40 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SourceofWeaponsUsedbyMexicanDrugTraffickingOrganizations.doc
[2010/07/23 17:35:51 | 000,327,251 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0477.jpg
[2010/07/22 07:15:30 | 000,541,125 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0524.jpg
[2010/07/19 10:55:11 | 000,062,828 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 010.jpg
[2010/07/19 10:55:02 | 000,061,534 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 007.jpg
[2010/07/19 10:54:54 | 000,053,197 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 011 brightened.jpg
[2010/07/19 10:50:30 | 000,186,873 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\camp-girls.jpg
[2010/07/19 10:49:48 | 000,056,228 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp Briana waving.jpg
[2010/07/19 09:51:13 | 001,713,175 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\camp-boys.jpg
[2010/07/11 13:53:31 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Acacia_20100607.vnt
[2010/06/30 21:34:06 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\mvt_en-us.msi
[2010/06/23 14:53:33 | 000,246,392 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0466.jpg
[2010/06/23 14:52:59 | 000,193,204 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0464.jpg

========== Files Created - No Company Name ==========

[2010/09/13 18:44:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\gmer.exe
[2010/09/11 16:04:19 | 000,551,557 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\fierce_bryan.jpg
[2010/09/11 15:57:08 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/09 21:30:23 | 000,149,392 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\HillLikesWhiteElephants.pdf
[2010/09/09 20:58:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 20:53:49 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\NTREGOPT.lnk
[2010/09/09 20:53:49 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\ERUNT.lnk
[2010/09/07 23:02:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/06 13:07:41 | 000,803,287 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\bithell_fall_2010.jpg
[2010/09/04 18:38:13 | 000,706,400 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\P1010007.JPG
[2010/09/04 18:38:13 | 000,702,200 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\P1010005.JPG
[2010/09/04 18:38:13 | 000,701,575 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\P1010006.JPG
[2010/09/04 18:38:13 | 000,684,354 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\P1010003.JPG
[2010/09/04 18:38:13 | 000,670,553 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\P1010004.JPG
[2010/09/04 17:34:29 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/09/03 16:23:29 | 006,228,992 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\911in156dias.pps
[2010/08/31 12:46:49 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Bryan 2010-2011 Grades.xls
[2010/08/24 19:10:56 | 000,561,831 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SergioFAFSAapplication.pdf
[2010/08/24 19:08:58 | 000,211,989 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SergioFAFSA_PINapplication_confirmation.jpg
[2010/08/23 18:21:01 | 000,044,302 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Anna Lucille Brumbaugh with mommy and daddy.jpg
[2010/08/23 18:20:53 | 000,036,443 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Anna Lucille Brumbaugh name and date2.jpg
[2010/08/18 17:02:06 | 000,419,972 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\toll_receipt.jpg
[2010/08/18 13:31:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/18 13:09:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/08 21:47:42 | 000,383,518 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\sergio_volcano2.jpg
[2010/08/08 21:45:37 | 000,825,118 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\sergio_volcano.jpg
[2010/08/08 21:39:45 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels2_Sergio_Copy.doc
[2010/08/07 19:15:01 | 002,274,010 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\ClareLot1.jpg
[2010/08/05 12:57:16 | 002,869,236 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\C&OC'10Choir&Orchestrabrochure.pdf
[2010/08/03 21:15:19 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels2.doc
[2010/08/02 21:54:07 | 000,012,429 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\StMichaels1.docx
[2010/07/31 18:02:19 | 023,056,755 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\MOV03169.MPG
[2010/07/29 18:32:07 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/29 18:32:07 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/07/27 14:44:20 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\ABC Pest & Lawn Cancellation.doc
[2010/07/25 21:23:38 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\SourceofWeaponsUsedbyMexicanDrugTraffickingOrganizations.doc
[2010/07/23 17:35:48 | 000,327,251 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0477.jpg
[2010/07/22 07:15:23 | 000,541,125 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0524.jpg
[2010/07/21 10:21:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/21 10:07:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ykececiluvuneb.dat
[2010/07/21 10:07:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Swexod.bin
[2010/07/19 10:55:11 | 000,062,828 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 010.jpg
[2010/07/19 10:55:01 | 000,061,534 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 007.jpg
[2010/07/19 10:54:54 | 000,053,197 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp 011 brightened.jpg
[2010/07/19 10:50:30 | 000,186,873 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\camp-girls.jpg
[2010/07/19 10:49:48 | 000,056,228 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Leaving for camp Briana waving.jpg
[2010/07/19 09:51:13 | 001,713,175 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\camp-boys.jpg
[2010/07/17 11:31:02 | 003,048,960 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\mvt_en-us.msi
[2010/07/11 13:53:31 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Acacia_20100607.vnt
[2010/06/30 21:33:38 | 003,048,960 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\mvt_en-us.msi
[2010/06/26 13:34:39 | 004,202,005 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\FileZilla_3.3.3_win32-setup.exe
[2010/06/23 14:53:30 | 000,246,392 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0466.jpg
[2010/06/23 14:52:57 | 000,193,204 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\My Documents\Photo0464.jpg
[2010/02/01 09:49:46 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/09/16 15:02:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/30 17:48:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2009/01/26 08:38:35 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\fusioncache.dat
[2008/11/07 20:00:47 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2008/11/07 19:57:24 | 000,000,554 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/02/19 21:00:27 | 003,090,997 | ---- | C] () -- C:\Program Files\FileZilla_3.0.7.1_win32-setup.exe
[2008/01/30 16:24:08 | 003,064,631 | ---- | C] () -- C:\Program Files\FileZilla_3.0.6_win32-setup.exe
[2007/10/19 15:17:14 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/20 11:48:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2007/06/10 12:45:35 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Application Data\lp.xml
[2007/05/02 08:52:27 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4W.DLL
[2007/05/02 07:50:33 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007/05/02 07:50:33 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/05/01 17:44:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/04/24 09:08:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/17 20:17:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/17 20:11:23 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/04/17 20:11:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/04/17 20:11:01 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/04/17 19:51:19 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/08/20 10:51:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/01/24 20:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/08/18 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/25 13:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 18:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\AVGTOOLBAR
[2008/01/11 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\CoreFTP
[2010/09/11 23:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\FileZilla
[2007/06/24 15:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\FUJIFILM
[2010/03/05 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\IrfanView
[2010/08/09 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Uniblue

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/18 08:00:30 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/04/17 19:52:54 | 000,005,064 | RH-- | M] () -- C:\dell.sdr
[2009/09/16 22:49:43 | 000,001,184 | ---- | M] () -- C:\dlcf.log
[2010/05/02 07:39:03 | 000,000,016 | ---- | M] () -- C:\h.txt
[2010/09/13 19:16:44 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2007/05/01 16:19:34 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/18 17:29:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/13 19:16:43 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/03/08 00:11:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/03/09 00:19:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/03/11 22:59:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/03/14 00:08:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/03/12 23:08:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/03/06 23:13:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/03/11 00:08:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/03/14 22:52:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/03/15 22:53:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/03/16 20:57:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/03/17 23:06:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/03/18 23:18:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/03/03 23:59:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/03/09 00:05:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/03/03 20:21:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/03/05 21:47:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/03/07 00:26:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/03/10 00:09:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/03/02 00:45:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/03/04 23:11:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/03/08 00:11:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/03/09 00:19:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/03/11 22:59:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/03/14 00:08:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/03/12 23:08:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/03/06 23:13:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/03/11 00:08:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/03/14 22:52:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/03/15 22:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/03/16 20:57:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/03/17 23:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/03/18 23:18:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/03/03 23:59:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/03/09 00:05:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/03/03 20:21:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/03/05 21:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/03/07 00:26:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/03/10 00:09:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/03/02 00:45:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/03/04 23:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/11 23:02:42 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-13 23:30:20
< End of report >
_______________________________________

Extras log

OTL Extras logfile created on: 9/13/2010 7:22:58 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Charlotte Watson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 618.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 54.39 Gb Free Space | 73.03% Space Free | Partition Type: NTFS
Drive D: | 639.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Charlotte Watson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- File not found
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- File not found
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSC" = McAfee Total Protection
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 3:18:20 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 3:18:21 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 3:18:21 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 3:18:21 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 3:18:21 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/12/2010 3:18:22 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/13/2010 7:24:16 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2010 7:24:20 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 9/13/2010 7:47:49 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application freecell.exe, version 5.1.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2010 7:49:21 PM | Computer Name = LAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3912 (0xf48) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Charlotte
Watson\Local Settings\Temp\WER4893.dir00\freecell.exe.hdmp by C:\WINDOWS\system32\dumprep.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


[ System Events ]
Error - 9/13/2010 7:26:21 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The AVG8 Firewall service failed to start due to the following error:
%%3

Error - 9/13/2010 7:27:03 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 9/13/2010 7:58:09 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The AVG8 WatchDog service failed to start due to the following error:
%%3

Error - 9/13/2010 7:58:09 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The AVG8 Firewall service failed to start due to the following error:
%%3

Error - 9/13/2010 7:58:50 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 9/13/2010 8:14:18 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 9/13/2010 8:16:55 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The AVG8 WatchDog service failed to start due to the following error:
%%3

Error - 9/13/2010 8:16:55 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The AVG8 Firewall service failed to start due to the following error:
%%3

Error - 9/13/2010 8:17:37 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 9/13/2010 8:18:11 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >
_______________________________

Thank you for your time.


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Does that include disabling the tools I've downloaded from G2G (i.e., MBAM, OTL, GMER)?

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, just your antivirus - if you cannot disable it, then continue with ComboFix but do not allow your antivirus to quarantine any files :)

#5
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I can't disable McAfee. Truly, I'm tempted to just uninstall the useless thing. Would that be a viable solution?

I was able to disable (pardon any redundancies) a part of it when doing Run>services.msc, then right-clicking on McAfee services, Properties, Start-up type, choosing "disabled."

But in Run>msconfig, Startup tab, when I tried disabling McAfee mcagent, it gave me this response:

Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.

*I* am the only user on this computer. However, I rebooted into Safe Mode with networking and chose the Administrator account (NO idea why it's there. Wouldn't I be the default admin account?). I re-downloaded ComboFix, tried to run it, and it immediately picked up on the yet quite active McAfee. It said to disable McAfee before clicking OK.

So, I tried the Run>msconfig thing again, and got the same message about needing to be an Administrator to make those changes. I haven't dared click the ComboFix OK, since McAfee's still alive and well.

:)

Edited by shelovestomuse, 18 September 2010 - 01:52 PM.


#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - run Combofix but do not let McAfee quarantine anything :)

#7
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Here is the log from ComboFix (I speak two languages fluently. This is not one of them. :) )


ComboFix 10-09-17.04 - Administrator 09/18/2010 15:08:20.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.768 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}
c:\documents and settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}\chrome.manifest
c:\documents and settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}\chrome\content\_cfg.js
c:\documents and settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}\chrome\content\overlay.xul
c:\documents and settings\Charlotte Watson\Local Settings\Application Data\{325308EF-E1A0-4A1D-9325-42F44383743C}\install.rdf
c:\windows\system32\spool\prtprocs\w32x86\CNMPP4W.DLL
c:\windows\system32\usp10(2).dll

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 19:30 . 2010-09-18 19:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-10 01:58 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 01:58 . 2010-09-10 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 01:58 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 01:53 . 2010-09-13 23:27 -------- d-----w- c:\program files\ERUNT
2010-08-20 06:14 . 2010-08-20 06:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 23:15 . 2008-01-15 19:50 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\FileZilla
2010-09-17 21:07 . 2008-08-23 23:47 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-13 23:57 . 2010-01-06 01:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 13:13 . 2010-07-21 15:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 22:33 . 2009-04-13 23:58 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Apple Computer
2010-08-29 02:55 . 2010-07-21 15:07 120 ----a-w- c:\windows\Ykececiluvuneb.dat
2010-08-28 09:39 . 2010-07-21 15:07 0 ----a-w- c:\windows\Swexod.bin
2010-08-24 19:57 . 2010-07-01 03:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-07-01 03:24 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 19:57 . 2010-07-01 03:24 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-07-01 03:24 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 19:57 . 2010-07-01 03:24 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2010-07-01 03:24 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2010-07-01 03:24 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-07-01 03:24 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 19:57 . 2010-04-14 17:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-04-14 17:50 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-18 18:31 . 2010-08-18 18:30 -------- d-----w- c:\program files\QuickTime
2010-08-18 18:19 . 2010-02-16 18:21 -------- d-----w- c:\program files\Safari
2010-08-18 18:13 . 2010-08-18 18:13 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-18 18:05 . 2010-08-18 18:04 -------- d-----w- c:\program files\iTunes
2010-08-18 18:05 . 2010-08-18 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-18 18:04 . 2010-08-18 18:04 -------- d-----w- c:\program files\iPod
2010-08-18 18:04 . 2009-04-13 23:54 -------- d-----w- c:\program files\Common Files\Apple
2010-08-18 17:55 . 2010-08-18 17:54 -------- d-----w- c:\program files\Bonjour
2010-08-18 17:41 . 2010-08-18 17:41 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 22:52 . 2010-08-09 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-09 20:53 . 2010-08-09 20:53 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Malwarebytes
2010-08-09 20:52 . 2010-08-09 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 20:40 . 2010-08-09 20:40 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Uniblue
2010-07-22 15:49 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 22:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-01 03:00 . 2007-04-18 01:17 40056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2008-02-20 02:01 . 2008-02-20 02:00 3090997 ----a-w- c:\program files\FileZilla_3.0.7.1_win32-setup.exe
2008-01-30 21:24 . 2008-01-30 21:24 3064631 ----a-w- c:\program files\FileZilla_3.0.6_win32-setup.exe
2010-08-24 19:57 . 2010-07-01 03:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 13:24 . 2007-10-11 00:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
2010-06-17 06:24 . 2010-06-17 06:24 40368 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

2007-04-18 01:14 . 2005-12-10 01:29 49152 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2007-04-18 01:11 . 2006-06-29 17:13 1032192 c:\program files\Dell\QuickSet\bak\quickset.exe

2008-01-24 13:05 . 2007-09-25 07:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe

2007-05-02 12:44 . 2002-02-05 03:32 53248 c:\program files\REGSHAVE\bak\REGSHAVE.EXE

2004-08-11 22:00 . 2004-08-04 10:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-11 22:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2007-04-18 00:52 . 2005-12-13 07:41 77824 c:\windows\system32\bak\hkcmd.exe

2007-04-18 00:52 . 2005-12-13 07:45 118784 c:\windows\system32\bak\igfxpers.exe

2007-04-18 00:52 . 2005-12-13 07:44 98304 c:\windows\system32\bak\igfxtray.exe

2007-04-18 01:11 . 2006-11-22 22:35 1392640 c:\windows\system32\bak\WLTRAY.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-06-25 03:32 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/30/2010 10:24 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [6/30/2010 10:25 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [6/30/2010 10:24 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/30/2010 10:24 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/30/2010 10:24 PM 88544]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [6/30/2010 10:26 PM 54776]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe --> c:\progra~1\AVG\AVG8\avgfws8.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4/18/2009 8:36 PM 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4/18/2009 8:36 PM 29208]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/30/2010 10:24 PM 55840]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/30/2010 10:24 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/30/2010 10:24 PM 84264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
FF - ProfilePath -
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\[email protected]"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2447034510-1578476889-3553571194-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,18,76,ab,20,22,b3,46,bd,66,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,18,76,ab,20,22,b3,46,bd,66,99,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-09-18 15:14:03
ComboFix-quarantined-files.txt 2010-09-18 20:14

Pre-Run: 59,280,818,176 bytes free
Post-Run: 59,297,845,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - EA3442D6422D1AA23F2320B1AD48BD49

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, can you let me know what problems remain?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

AWF::
c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
c:\windows\system32\bak\ctfmon.exe

File::
c:\windows\Ykececiluvuneb.dat
c:\windows\Swexod.bin


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
shelovestomuse


    Member

  • Topic Starter
  • 121 posts
I already have MalwareBytes installed. Should I uninstall and reinstall, or just use the one that's already there?

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Use your current version, but ensure you update it prior to scanning :)



#11
shelovestomuse


    Member

  • Topic Starter
  • 121 posts
Should I put this into the OTL custom scan field again?

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No requirement this time, just run a quick scan and also select all users :)

#13
shelovestomuse


    Member

  • Topic Starter
  • 121 posts
Sorry. Had to rerun the OTL with "all users" checked. Here are the logs from all three programs:

ComboFix 10-09-17.04 - Administrator 09/18/2010 16:13:19.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.643 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\Swexod.bin"
"c:\windows\Ykececiluvuneb.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Swexod.bin
c:\windows\Ykececiluvuneb.dat

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 19:30 . 2010-09-18 19:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-10 01:58 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 01:58 . 2010-09-10 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 01:58 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 01:53 . 2010-09-13 23:27 -------- d-----w- c:\program files\ERUNT
2010-08-20 06:14 . 2010-08-20 06:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 23:15 . 2008-01-15 19:50 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\FileZilla
2010-09-17 21:07 . 2008-08-23 23:47 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-13 23:57 . 2010-01-06 01:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 13:13 . 2010-07-21 15:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 22:33 . 2009-04-13 23:58 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Apple Computer
2010-08-24 19:57 . 2010-07-01 03:25 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 19:57 . 2010-07-01 03:24 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 19:57 . 2010-07-01 03:24 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 19:57 . 2010-07-01 03:24 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 19:57 . 2010-07-01 03:24 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 19:57 . 2010-07-01 03:24 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 19:57 . 2010-07-01 03:24 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 19:57 . 2010-07-01 03:24 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 19:57 . 2010-04-14 17:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 19:57 . 2010-04-14 17:50 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-18 18:31 . 2010-08-18 18:30 -------- d-----w- c:\program files\QuickTime
2010-08-18 18:19 . 2010-02-16 18:21 -------- d-----w- c:\program files\Safari
2010-08-18 18:13 . 2010-08-18 18:13 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-18 18:05 . 2010-08-18 18:04 -------- d-----w- c:\program files\iTunes
2010-08-18 18:05 . 2010-08-18 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-18 18:04 . 2010-08-18 18:04 -------- d-----w- c:\program files\iPod
2010-08-18 18:04 . 2009-04-13 23:54 -------- d-----w- c:\program files\Common Files\Apple
2010-08-18 17:55 . 2010-08-18 17:54 -------- d-----w- c:\program files\Bonjour
2010-08-18 17:41 . 2010-08-18 17:41 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 22:52 . 2010-08-09 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-09 20:53 . 2010-08-09 20:53 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Malwarebytes
2010-08-09 20:52 . 2010-08-09 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-09 20:40 . 2010-08-09 20:40 -------- d-----w- c:\documents and settings\Charlotte Watson\Application Data\Uniblue
2010-07-22 15:49 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 22:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-01 03:00 . 2007-04-18 01:17 40056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2008-02-20 02:01 . 2008-02-20 02:00 3090997 ----a-w- c:\program files\FileZilla_3.0.7.1_win32-setup.exe
2008-01-30 21:24 . 2008-01-30 21:24 3064631 ----a-w- c:\program files\FileZilla_3.0.6_win32-setup.exe
2010-08-24 19:57 . 2010-07-01 03:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-18 01:14 . 2005-12-10 01:29 49152 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2007-04-18 01:11 . 2006-06-29 17:13 1032192 c:\program files\Dell\QuickSet\bak\quickset.exe

2008-01-24 13:05 . 2007-09-25 07:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

2007-01-19 17:54 . 2007-01-19 17:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe

2007-05-02 12:44 . 2002-02-05 03:32 53248 c:\program files\REGSHAVE\bak\REGSHAVE.EXE

2007-04-18 00:52 . 2005-12-13 07:41 77824 c:\windows\system32\bak\hkcmd.exe

2007-04-18 00:52 . 2005-12-13 07:45 118784 c:\windows\system32\bak\igfxpers.exe

2007-04-18 00:52 . 2005-12-13 07:44 98304 c:\windows\system32\bak\igfxtray.exe

2007-04-18 01:11 . 2006-11-22 22:35 1392640 c:\windows\system32\bak\WLTRAY.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-17 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-06-25 03:32 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/30/2010 10:24 PM 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [6/30/2010 10:25 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [6/30/2010 10:24 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/30/2010 10:24 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/30/2010 10:24 PM 88544]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [6/30/2010 10:26 PM 54776]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe --> c:\progra~1\AVG\AVG8\avgfws8.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [6/30/2010 10:24 PM 271480]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 8:11 PM 229688]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4/18/2009 8:36 PM 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4/18/2009 8:36 PM 29208]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/30/2010 10:24 PM 55840]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/30/2010 10:24 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/30/2010 10:24 PM 84264]
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\[email protected]"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2447034510-1578476889-3553571194-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,18,76,ab,20,22,b3,46,bd,66,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,18,76,ab,20,22,b3,46,bd,66,99,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(200)
c:\windows\system32\WININET.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-18 16:24:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-18 21:24
ComboFix2.txt 2010-09-18 20:14

Pre-Run: 59,309,268,992 bytes free
Post-Run: 59,301,756,928 bytes free

- - End Of File - - AD7F6B1E73C83F0734B22260EFFEA61D

_______________________________________________________________________

OTL logfile created on: 9/18/2010 4:59:28 PM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 55.24 Gb Free Space | 74.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/18 16:09:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/18 16:09:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/04/18 20:36:34 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/04/18 20:36:34 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\[email protected] -- (Pcmcia)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 17:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/08 17:35:14 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/09/28 05:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
DRV - [2002/06/21 18:42:50 | 000,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/19 07:21:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 18:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 12:05:10 | 000,000,000 | ---D | M]

[2009/09/15 19:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/19 23:57:44 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/09/18 16:18:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100916184212.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2447034510-1578476889-3553571194-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\wmsdk64_32.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/09/18 16:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/18 16:09:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/18 15:06:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/18 15:03:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/18 15:03:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/18 15:03:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/18 15:03:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/18 14:39:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/18 14:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/09/18 14:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/09/18 14:30:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/09/09 20:58:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/09 20:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/09 20:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 20:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/09 20:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/20 01:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/18 13:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 13:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/18 13:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/18 13:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/18 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/09 17:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/08/09 17:52:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/08/09 17:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/08/09 15:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 22:01:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/29 13:20:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/27 09:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\yqalhabuy
[2010/07/27 09:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/23 16:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/21 10:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/21 10:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/30 22:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/06/30 22:26:55 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/06/30 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/06/30 22:25:02 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/06/30 22:24:55 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/06/30 22:24:55 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/06/30 22:24:55 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/06/30 22:24:55 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/06/30 22:24:55 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/06/30 22:24:55 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/06/30 22:24:55 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/06/30 22:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

========== Files - Modified Within 90 Days ==========

[2010/09/18 16:51:48 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/18 16:19:04 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/18 16:18:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/18 16:18:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/18 16:18:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/18 16:17:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/18 16:09:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/18 15:06:35 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/09/18 14:37:53 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/09/18 14:37:52 | 000,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/18 14:36:55 | 003,846,590 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/09/18 14:28:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/18 08:27:28 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/09/17 16:07:14 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/09/15 11:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/15 07:05:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/11 15:56:16 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/09 20:58:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 00:18:10 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 23:02:23 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/06 08:13:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/04 20:27:32 | 000,000,892 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/23 12:05:11 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/08/18 13:31:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/18 13:19:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/18 13:09:33 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/30 22:00:44 | 000,040,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/09/18 15:06:35 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/09/18 15:06:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/18 15:03:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/18 15:03:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/18 15:03:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/18 15:03:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/18 15:03:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/18 14:36:55 | 003,846,590 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/09/17 16:07:13 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/09/09 20:58:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 23:02:23 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/04 17:34:29 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/08/18 13:31:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/18 13:09:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/29 18:32:07 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/29 18:32:07 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/07/21 10:21:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/01 09:49:46 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/09/16 15:02:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/30 17:48:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2008/11/07 20:00:47 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2008/11/07 19:57:24 | 000,000,554 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/02/19 21:00:27 | 003,090,997 | ---- | C] () -- C:\Program Files\FileZilla_3.0.7.1_win32-setup.exe
[2008/01/30 16:24:08 | 003,064,631 | ---- | C] () -- C:\Program Files\FileZilla_3.0.6_win32-setup.exe
[2007/07/20 11:48:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\sunkist.ini
[2007/05/02 08:52:27 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4W.DLL
[2007/05/02 07:50:33 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007/05/02 07:50:33 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/05/01 17:44:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/04/24 09:08:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/17 20:17:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/17 20:11:23 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/04/17 20:11:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/04/17 20:11:01 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/04/17 19:51:19 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 000,000,892 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2008/01/24 20:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2009/08/20 10:51:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/01/24 20:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/08/18 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/25 13:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 18:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/18 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\AVGTOOLBAR
[2008/01/11 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\CoreFTP
[2010/09/17 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\FileZilla
[2007/06/24 15:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\FUJIFILM
[2010/03/05 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\IrfanView
[2010/08/09 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Uniblue
[2009/05/08 19:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========


< End of report >

_____________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4649

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/18/2010 4:51:23 PM
mbam-log-2010-09-18 (16-51-23).txt

Scan type: Quick scan
Objects scanned: 142575
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good. What are your current problems?

I notice that you have both AVG and McAfee; I would recommend uninstalling one of them.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as: online scans and scanners that run on your machine but are not actively scanning your machine.


  • 0
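The AVG/McAfee overlap noted in the reply above can be checked against an OTL folder listing like the one posted earlier in this thread. This is an added example, not part of the original posts or of OTL: it assumes the listing line format shown in the log, the vendor prefixes are assumptions, and two of the sample lines are constructed.

```python
import re
from collections import defaultdict

# OTL listing line: [date time | size | attributes | M or C] -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] -- (?P<path>.+)$"
)

# Assumption: folder-name prefixes (lower case) that identify each vendor.
VENDOR_PREFIXES = {"AVG": ("avg",), "McAfee": ("mcafee",)}

# First two lines come from the log in this thread; the last two are constructed.
SAMPLE_LOG = r"""
[2009/04/18 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\AVGTOOLBAR
[2010/09/17 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\FileZilla
[2010/09/01 10:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/09/01 10:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Example\savgame
"""

def parse_listing(text):
    """Yield (timestamp, path) for well-formed directory lines; skip the rest."""
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m and m.group("attrs").endswith("D"):
            yield m.group("stamp"), m.group("path")

def vendor_of(path):
    """Return the vendor whose prefix starts a path component, else None.

    Matching on the start of a component avoids hits such as 'savgame'.
    """
    parts = [p.lower() for p in path.split("\\")]
    for vendor, prefixes in VENDOR_PREFIXES.items():
        if any(p.startswith(prefixes) for p in parts):
            return vendor
    return None

def av_footprint(text):
    """Map each vendor to the folders in the listing that belong to it."""
    found = defaultdict(list)
    for _, path in parse_listing(text):
        vendor = vendor_of(path)
        if vendor:
            found[vendor].append(path)
    return dict(found)
```

A folder in the listing only shows that files from that vendor remain on disk; it does not show that an on-access scanner from that vendor is running.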

#15
shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts
So sorry for the delay.

First, I thought I had already uninstalled AVG...did it from the Control Panel. Not sure how that works, but I did know it's not good to have more than one running. Can I just manually delete the files from the Programs folder?

Second, yesterday, my Internet pages kept getting hung, sometimes responding to refresh, eventually just going entirely kaput. Turns out there was DSL but no Internet (???). Spent an hour fooling with it, couldn't get Internet on any of the three laptops in this house. Spent another 90 minutes with Verizon, got absolutely nowhere. They said the modem/router wasn't functioning. Spent another hour fooling with it, finally shut down the whole shooting match.

Got up this morning, turned my laptop and modem/router on, thinking maybe the Internet fairy godmother came during the night and fixed it. Imagine my surprise when it actually worked! Pages still seem to hang occasionally, but so far today have responded to refresh except for one freeze.

So now, I'm completely confused. In all that gobbledy-gook up there, were you able to spot any actual infection problems? Can viruses cause that kind of issue with a modem/router connection? Or has this whole fiasco been a hardware problem all along, and the darn thing is indeed on its last legs? And, of course, we can't leave out an "all of the above" option.

Again, I apologize for the delay, and fretted that you'd think me a total ingrate. Al contrario, I am profoundly grateful for your help.
  • 0





