TechSpot

8 Steps Completed need a check

By mpete
Apr 13, 2011
  1. Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6338

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/11/2011 8:48:58 PM
    mbam-log-2011-04-11 (20-48-58).txt

    Scan type: Quick scan
    Objects scanned: 201369
    Time elapsed: 9 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. mpete

    mpete TS Rookie Topic Starter Posts: 50

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-12 22:14:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9408114A rev.8.03
    Running: z1rkppqf.exe; Driver: C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\ugddypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 86BC0109 ZwCreateThread

    ---- User code sections - GMER 1.0.15 ----

     
  3. mpete

    mpete TS Rookie Topic Starter Posts: 50

    .text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetReadFile 3D94654B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenA 3D95D690 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1592] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetReadFile 3D94654B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenA 3D95D690 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1700] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetReadFile 3D94654B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenA 3D95D690 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WININET.dll!InternetReadFile 3D94654B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WININET.dll!InternetOpenA 3D95D690 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\svchost.exe[1928] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!ReadFile 7C801812 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!WriteFile 7C810E27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!PeekNamedPipe 7C860977 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] kernel32.dll!WinExec 7C86250D 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] msvcrt.dll!system 77C293C7 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] msvcrt.dll!_creat 77C2D40F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] msvcrt.dll!_read 77C2FAA3 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] msvcrt.dll!_write 77C30303 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WS2_32.dll!select 71AB30A8 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WS2_32.dll!socket 71AB4211 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WS2_32.dll!bind 71AB4480 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WS2_32.dll!send 71AB4C27 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WS2_32.dll!recv 71AB676F 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WININET.dll!InternetReadFile 3D94654B 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WININET.dll!InternetOpenA 3D95D690 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
    .text C:\WINDOWS\system32\wuauclt.exe[2732] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes CALL 37001160 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  4. mpete

    mpete TS Rookie Topic Starter Posts: 50

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by peterson7j at 21:08:04.08 on Wed 04/13/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.222 [GMT -4:00]
    .
    AV: Smart Internet Protection 2011 *Enabled/Updated* {212853CA-38C0-4B9F-BBD7-3861D7184A8F}
    FW: Smart Internet Protection 2011 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\peterson7j\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Microsoft Internet Explorer provided by Single Source Systems Inc
    uInternet Settings,ProxyServer = http=127.0.0.1:25397
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: CmjBrowserHelperObject Object: {ac41d38f-b56d-40ad-94e0-b493d130c959} - c:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe"
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
    mRun: [pdfSaver3]
    mRun: [MMReminderService] c:\program files\mindjet\mindmanager 6\MMReminderService.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - {AC41D38F-B56D-40AD-94E0-B493D130C959} - c:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: singlesrc.com\www
    Trusted Zone: singlesrc.com\www2
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136556179013
    DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://mobile.singlesrc.com/tsweb/msrdp.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/JandJCPUS/Coupons.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    IFEO: image file execution options - svchost.exe
    Hosts: 204.152.194.148 www.google.com
    Hosts: 204.152.194.148 google.com
    Hosts: 204.152.194.148 google.com.au
    Hosts: 204.152.194.148 www.google.com.au
    Hosts: 204.152.194.148 google.be
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-1-5 58464]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-16 54752]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-20 88176]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-1-5 102463]
    R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-1-5 108480]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe --> c:\windows\system32\nlssrv32.exe [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    .
    =============== Created Last 30 ================
    .
    2011-04-13 00:25:02 -------- d-----w- c:\docume~1\peters~1\locals~1\applic~1\Apple
    2011-03-24 01:27:02 -------- d-----w- c:\windows\system32\scripting
    2011-03-24 01:27:00 -------- d-----w- c:\windows\l2schemas
    2011-03-24 01:26:58 -------- d-----w- c:\windows\system32\en
    2011-03-24 01:26:58 -------- d-----w- c:\windows\system32\bits
    2011-03-24 01:17:08 -------- d-----w- c:\windows\network diagnostic
    2011-03-20 17:32:52 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-03-20 17:32:52 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-03-20 17:30:57 -------- d-----w- c:\program files\iPod
    2011-03-20 17:30:44 -------- d-----w- c:\program files\iTunes
    2011-03-20 17:30:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-03-20 17:27:23 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-03-20 17:27:23 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-03-20 17:26:21 -------- d-----w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 21:10:06.57 ===============
     
  5. mpete

    mpete TS Rookie Topic Starter Posts: 50

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/5/2006 9:19:09 AM
    System Uptime: 4/11/2011 8:34:42 PM (49 hours ago)
    .
    Motherboard: Dell Inc. | | 0WF351
    Processor: Intel(R) Pentium(R) M processor 1.70GHz | Microprocessor | 1186/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 34 GiB total, 12.14 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1068: 1/18/2011 8:07:39 AM - System Checkpoint
    RP1069: 1/19/2011 8:52:12 AM - System Checkpoint
    RP1070: 1/20/2011 9:11:08 AM - System Checkpoint
    RP1071: 1/26/2011 8:52:27 AM - Removed Logitech QuickCam
    RP1072: 2/1/2011 10:42:01 AM - Removed MaxCommunicator 6.5
    RP1073: 2/1/2011 10:43:38 AM - Removed Avistar C3 Communicator™ 1.3
    RP1074: 2/1/2011 10:59:43 AM - Removed DING!
    RP1075: 2/1/2011 11:00:13 AM - Removed EducateU
    RP1076: 2/1/2011 11:01:29 AM - Removed WebEx Recorder and Player
    RP1077: 2/1/2011 11:02:57 AM - Configured Broadcom Management Programs 2
    RP1078: 2/6/2011 11:05:20 AM - System Checkpoint
    RP1079: 2/6/2011 12:55:55 PM - Removed Ask Toolbar.
    RP1080: 2/6/2011 1:04:39 PM - Software Distribution Service 3.0
    RP1081: 2/9/2011 9:56:17 AM - System Checkpoint
    RP1082: 2/10/2011 11:45:26 AM - System Checkpoint
    RP1083: 2/11/2011 11:54:07 AM - System Checkpoint
    RP1084: 2/13/2011 8:55:28 AM - System Checkpoint
    RP1085: 2/18/2011 9:56:01 AM - System Checkpoint
    RP1086: 2/24/2011 7:05:37 PM - System Checkpoint
    RP1087: 3/4/2011 5:11:18 PM - System Checkpoint
    RP1088: 3/20/2011 1:01:33 PM - Removed Snagit 9.1.3
    RP1089: 3/20/2011 1:30:36 PM - Installed iTunes
    RP1090: 3/22/2011 8:11:27 PM - System Checkpoint
    RP1091: 3/23/2011 8:59:22 PM - Software Distribution Service 3.0
    RP1092: 4/8/2011 9:19:38 AM - System Checkpoint
    RP1093: 4/11/2011 10:39:47 PM - System Checkpoint
    RP1094: 4/13/2011 12:39:19 AM - System Checkpoint
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 204.152.194.148 www.google.com
    Hosts: 204.152.194.148 google.com
    Hosts: 204.152.194.148 google.com.au
    Hosts: 204.152.194.148 www.google.com.au
    Hosts: 204.152.194.148 google.be
    Hosts: 204.152.194.148 www.google.be
    Hosts: 204.152.194.148 google.com.br
    Hosts: 204.152.194.148 www.google.com.br
    Hosts: 204.152.194.148 google.ca
    Hosts: 204.152.194.148 www.google.ca
    Hosts: 204.152.194.148 google.ch
    Hosts: 204.152.194.148 www.google.ch
    Hosts: 204.152.194.148 google.de
    Hosts: 204.152.194.148 www.google.de
    Hosts: 204.152.194.148 google.dk
    Hosts: 204.152.194.148 www.google.dk
    Hosts: 204.152.194.148 google.fr
    Hosts: 204.152.194.148 www.google.fr
    Hosts: 204.152.194.148 google.ie
    Hosts: 204.152.194.148 www.google.ie
    Hosts: 204.152.194.148 google.it
    Hosts: 204.152.194.148 www.google.it
    Hosts: 204.152.194.148 google.co.jp
    Hosts: 204.152.194.148 www.google.co.jp
    Hosts: 204.152.194.148 google.nl
    Hosts: 204.152.194.148 www.google.nl
    Hosts: 204.152.194.148 google.no
    Hosts: 204.152.194.148 www.google.no
    Hosts: 204.152.194.148 google.co.nz
    Hosts: 204.152.194.148 www.google.co.nz
    Hosts: 204.152.194.148 google.pl
    Hosts: 204.152.194.148 www.google.pl
    Hosts: 204.152.194.148 google.se
    Hosts: 204.152.194.148 www.google.se
    Hosts: 204.152.194.148 google.co.uk
    Hosts: 204.152.194.148 www.google.co.uk
    Hosts: 204.152.194.148 google.co.za
    Hosts: 204.152.194.148 www.google.co.za
    Hosts: 204.152.194.148 www.google-analytics.com
    Hosts: 204.152.194.148 www.bing.com
    Hosts: 204.152.194.148 search.yahoo.com
    Hosts: 204.152.194.148 www.search.yahoo.com
    Hosts: 204.152.194.148 uk.search.yahoo.com
    Hosts: 204.152.194.148 ca.search.yahoo.com
    Hosts: 204.152.194.148 de.search.yahoo.com
    Hosts: 204.152.194.148 fr.search.yahoo.com
    Hosts: 204.152.194.148 au.search.yahoo.com
    .
    ==== Installed Programs ======================
    .
    7300
    7300_Help
    7300Trb
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0
    Adobe Shockwave Player 11.5
    AiO_Scan
    AiOSoftware
    ALPS Touch Pad Driver
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    Bonjour
    BufferChm
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.9x Modem
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Dell Digital Jukebox Driver
    Dell Driver Download Manager
    Dell Driver Reset Tool
    Dell Media Experience
    Dell System Restore
    DellSupport
    Destinations
    Digital Content Portal
    Digital Line Detect
    Director
    DocProc
    DocumentViewer
    EPSON Scan
    Fax
    Google Toolbar for Internet Explorer
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Officejet 7300 series
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    InstantShare
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Junk Mail filter update
    Logitech Desktop Messenger
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    McAfee VirusScan Enterprise
    mCore
    mDrWiFi
    mGina
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Unified Communications Client API SDK
    Mindjet MindManager Pro 6
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mToolkit
    mWlsSafe
    mXML
    mZConfig
    NetWaiting
    OutlookAccessAddInSetup
    PanoStandAlone
    PDF-XChange 3.0
    Pdf995
    PhotoGallery
    PowerDVD 5.5
    ProductContext
    QFolder
    QuickTime
    Readme
    RealPlayer Basic
    Rhapsody Player Engine
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    SkinsHP1
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    TrayApp
    Unity Web Player
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Safety scanner
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows XP Service Pack 3
    WinUtilities 9.94 Free Edition
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/11/2011 9:06:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    4/11/2011 8:35:17 PM, error: NETLOGON [5719] - No Domain Controller is available for domain SINGLESOURCE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    4/11/2011 8:30:13 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7034] - The Network Associates Task Manager service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:27:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    4/11/2011 8:27:41 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/11/2011 8:27:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    4/11/2011 8:27:15 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/11/2011 8:24:42 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:42 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:41 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:41 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:40 PM, error: Service Control Manager [7034] - The WLANKEEPER service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:40 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:40 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
    4/11/2011 8:24:40 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We just cleaned your computer 1 week ago.
    Why on earth did you uninstall Avira and install rogue "Smart Internet Protection 2011"?
    Unless we're talking about a different computer....
     
  7. mpete

    mpete TS Rookie Topic Starter Posts: 50

    No, this is my son's computer, which was my wife's old work computer.
     
  8. mpete

    mpete TS Rookie Topic Starter Posts: 50

    Internet has been running slow on this one, and the Google search bar goes to Chinese.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Well, you're definitely infected.

    To start with, I want you to go here: http://www.2-spyware.com/remove-smart-internet-protection-2011.html and follow steps 1-4.
    Do NOT follow step 5!

    Then, restart in normal mode and...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. mpete

    mpete TS Rookie Topic Starter Posts: 50

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x002c4a1c

    Kernel Drivers (total 147):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7A47000 \WINDOWS\system32\KDCOM.DLL
    0xF7957000 \WINDOWS\system32\BOOTVID.dll
    0xF7418000 ACPI.sys
    0xF7A49000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7407000 pci.sys
    0xF7547000 isapnp.sys
    0xF795B000 compbatt.sys
    0xF795F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B0F000 pciide.sys
    0xF77C7000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A4B000 intelide.sys
    0xF73E9000 pcmcia.sys
    0xF7557000 MountMgr.sys
    0xF73CA000 ftdisk.sys
    0xF73A4000 dmio.sys
    0xF77CF000 PartMgr.sys
    0xF7567000 VolSnap.sys
    0xF738C000 atapi.sys
    0xF7577000 disk.sys
    0xF7587000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF736C000 fltmgr.sys
    0xF735A000 sr.sys
    0xF7345000 drvmcdb.sys
    0xF77D7000 PxHelp20.sys
    0xF732E000 KSecDD.sys
    0xF72A1000 Ntfs.sys
    0xF7274000 NDIS.sys
    0xF7597000 ohci1394.sys
    0xF75A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF725A000 Mup.sys
    0xF75C7000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6465000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A37000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF629D000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF6289000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7827000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6265000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF782F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6435000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF6251000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF5F41000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF5EFE000 \SystemRoot\system32\drivers\STAC97.sys
    0xF5EDA000 \SystemRoot\system32\drivers\portcls.sys
    0xF6415000 \SystemRoot\system32\drivers\drmk.sys
    0xF5EB7000 \SystemRoot\system32\drivers\ks.sys
    0xF5E86000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF5D87000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF5CC9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7857000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF5CAF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF785F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF786F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7877000 \SystemRoot\system32\drivers\pfc.sys
    0xF7A85000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF787F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF5C72000 \SystemRoot\system32\DRIVERS\iwca.sys
    0xF7BBB000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF75E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7221000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5C5B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF75F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7607000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7887000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5C4A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7627000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF791F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF3DC5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF513B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AC7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF3D67000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A1B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF3DF5000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA93C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF2C69000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA87F5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xAA28E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA895D000 \SystemRoot\System32\Drivers\Null.SYS
    0xAA28C000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA8FFA000 \SystemRoot\system32\drivers\ssrtln.sys
    0xA8FF2000 \SystemRoot\System32\drivers\vga.sys
    0xAA28A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xAA288000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA8FEA000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA8FE2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA87F1000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA69E9000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA6990000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA8A0A000 \SystemRoot\system32\drivers\mvstdi5x.sys
    0xA6968000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA6946000 \SystemRoot\System32\drivers\afd.sys
    0xA89FA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA691B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA68AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA89DA000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA6885000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA897A000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA686D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xA9964000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF2E45000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA867A000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C4F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xF3E75000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF58C5000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF58F5000 \SystemRoot\system32\drivers\drvnddm.sys
    0xAA7FE000 \SystemRoot\system32\dla\tfsndres.sys
    0xA6857000 \SystemRoot\system32\dla\tfsnifs.sys
    0xA87F9000 \SystemRoot\system32\dla\tfsnopio.sys
    0xA86D8000 \SystemRoot\system32\dla\tfsnpool.sys
    0xA8652000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF7737000 \SystemRoot\system32\dla\tfsncofs.sys
    0xA8961000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA683E000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA6825000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xA9B38000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xF7209000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA8C13000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA6730000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7A4D000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xF7A7F000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xA6661000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA6651000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA65AC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF58E5000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA5E33000 \SystemRoot\system32\drivers\naiavf5x.sys
    0xA5D07000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA6805000 \??\C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
    0xA67F1000 \??\C:\WINDOWS\system32\drivers\EntDrv51.sys
    0xF7AA3000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    0xA8FDA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA5253000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    600 C:\WINDOWS\system32\smss.exe
    772 csrss.exe
    796 C:\WINDOWS\system32\winlogon.exe
    1132 C:\WINDOWS\system32\services.exe
    1144 C:\WINDOWS\system32\lsass.exe
    1324 C:\WINDOWS\system32\svchost.exe
    1400 svchost.exe
    1540 C:\WINDOWS\system32\svchost.exe
    1576 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1628 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1700 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1756 svchost.exe
    1956 svchost.exe
    424 C:\WINDOWS\system32\spoolsv.exe
    280 svchost.exe
    1980 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    532 C:\Program Files\Bonjour\mDNSResponder.exe
    912 C:\Program Files\Java\jre6\bin\jqs.exe
    1076 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    1100 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    968 C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    1728 naPrdMgr.exe
    1776 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    1844 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1912 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    456 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    556 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    1348 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1964 C:\WINDOWS\explorer.exe
    2128 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    2488 C:\WINDOWS\system32\rundll32.exe
    2524 C:\WINDOWS\system32\svchost.exe
    2624 wdfmgr.exe
    2756 C:\WINDOWS\system32\wuauclt.exe
    3364 C:\Program Files\Apoint\Apoint.exe
    3448 C:\Program Files\Java\jre6\bin\jusched.exe
    3532 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3812 C:\Program Files\Dell\Media Experience\PCMService.exe
    3828 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    3844 C:\Program Files\Real\RealPlayer\realplay.exe
    3860 C:\WINDOWS\system32\dla\tfswctrl.exe
    3876 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3888 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    3900 C:\Program Files\Network Associates\VirusScan\shstat.exe
    3908 C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    3916 C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
    3928 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3964 C:\WINDOWS\system32\hkcmd.exe
    4032 C:\WINDOWS\system32\igfxpers.exe
    4044 C:\Program Files\iTunes\iTunesHelper.exe
    2668 C:\WINDOWS\system32\ctfmon.exe
    3008 C:\Program Files\Apoint\ApntEx.exe
    3024 alg.exe
    3480 C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    3732 wmiprvse.exe
    3780 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    552 C:\Program Files\DellSupport\DSAgnt.exe
    708 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    740 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    3464 C:\Program Files\Digital Line Detect\DLG.exe
    3656 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    608 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    3156 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3484 C:\Program Files\WinZip\WZQKPICK.EXE
    3552 C:\Program Files\iPod\bin\iPodService.exe
    2016 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    2448 C:\WINDOWS\system32\wuauclt.exe
    128 C:\Documents and Settings\peterson7j\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: ST9408114A, Rev: 8.03

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  11. mpete

    mpete TS Rookie Topic Starter Posts: 50

    ComboFix 11-04-13.06 - peterson7j 04/14/2011 13:57:56.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.690 [GMT -4:00]
    Running from: c:\documents and settings\peterson7j\Desktop\ComboFix.exe
    .
    ADS - WINDOWS: deleted 128 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\3b4e95
    c:\documents and settings\All Users\Application Data\3b4e95\176.mof
    c:\documents and settings\All Users\Application Data\3b4e95\3b4e951d51338b08af55399bb94e32ad.ocx
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\Adobe Reader Speed Launch.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\Digital Line Detect.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\HP Digital Imaging Monitor.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\HP Image Zone Fast Start.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\Logitech Desktop Messenger.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\McAfee Security Scan Plus.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\BackUp\WinZip Quick Pick.lnk
    c:\documents and settings\All Users\Application Data\3b4e95\SIP.ico
    c:\documents and settings\All Users\Application Data\3b4e95\yx5e7tm9q01u8z6ak2p45e7tm9q01u8glm9q0xxe7tmgo2p45e7tm9q01u8z6ad6aiy2sw.dll
    c:\windows\system32\BSTIEPrintCtl1.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-13 00:25 . 2011-04-13 00:25 -------- d-----w- c:\documents and settings\peterson7j\Local Settings\Application Data\Apple
    2011-04-02 16:54 . 2011-04-02 16:54 -------- d-----w- c:\documents and settings\peterson7j\Application Data\Apple Computer
    2011-03-24 01:27 . 2011-03-24 01:27 -------- d-----w- c:\windows\system32\scripting
    2011-03-24 01:27 . 2011-03-24 01:27 -------- d-----w- c:\windows\l2schemas
    2011-03-24 01:26 . 2011-03-24 01:26 -------- d-----w- c:\windows\system32\en
    2011-03-24 01:26 . 2011-03-24 01:26 -------- d-----w- c:\windows\system32\bits
    2011-03-24 01:06 . 2011-03-24 01:06 -------- d-----w- c:\documents and settings\Cole\Application Data\Malwarebytes
    2011-03-20 17:33 . 2011-03-20 18:09 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
    2011-03-20 17:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-03-20 17:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-03-20 17:30 . 2011-03-20 17:30 -------- d-----w- c:\program files\iPod
    2011-03-20 17:30 . 2011-03-20 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-03-20 17:30 . 2011-03-20 17:32 -------- d-----w- c:\program files\iTunes
    2011-03-20 17:28 . 2011-03-20 17:30 -------- d-----w- c:\program files\QuickTime
    2011-03-20 17:28 . 2011-03-20 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2011-03-20 17:27 . 2011-03-20 17:27 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Apple
    2011-03-20 17:27 . 2011-03-20 17:27 -------- d-----w- c:\program files\Apple Software Update
    2011-03-20 17:27 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-03-20 17:27 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-03-20 17:26 . 2011-03-20 17:26 -------- d-----w- c:\program files\Bonjour
    2011-03-20 17:25 . 2011-03-20 17:30 -------- d-----w- c:\program files\Common Files\Apple
    2011-03-20 17:25 . 2011-03-20 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2011-03-20 17:25 . 2011-03-20 17:25 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-28 26112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
    "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-28 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-6 67128]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-1-5 118784]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AltiGen\\JLIB15\\jre\\bin\\java.exe"=
    "c:\\Program Files\\AltiGen\\JLIB15\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [1/5/2006 11:36 AM 58464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 9:04 PM 135664]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 6:43 PM 88176]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe --> c:\windows\system32\nlssrv32.exe [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:04]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:04]
    .
    2011-04-14 c:\windows\Tasks\User_Feed_Synchronization-{EAB3BE99-F999-4133-87EB-4250B363BB27}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:25397
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Trusted Zone: singlesrc.com\www
    Trusted Zone: singlesrc.com\www2
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-pdfSaver3 - (no file)
    HKLM-Run-EPSON Stylus CX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 14:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(796)
    c:\windows\system32\IWPDGINA.DLL
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    - - - - - - - > 'lsass.exe'(1144)
    c:\windows\system32\EntApi.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-04-14 14:09:26
    ComboFix-quarantined-files.txt 2011-04-14 18:09
    .
    Pre-Run: 12,947,808,256 bytes free
    Post-Run: 12,912,263,168 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - C46D88815CBF18E810971A3E435075B7
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't see any AV program running.
    Why is that?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:25397
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. mpete

    mpete TS Rookie Topic Starter Posts: 50

    Broni,

    I am not sure why there is no AV on here. This comp was the wife's; she purchased it from work, so I haven't had many dealings with it. I guess I saw some McAfee stuff on here and took it for granted.


    ComboFix 11-04-13.06 - peterson7j 04/14/2011 14:49:54.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.567 [GMT -4:00]
    Running from: c:\documents and settings\peterson7j\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\peterson7j\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-13 00:25 . 2011-04-13 00:25 -------- d-----w- c:\documents and settings\peterson7j\Local Settings\Application Data\Apple
    2011-04-02 16:54 . 2011-04-02 16:54 -------- d-----w- c:\documents and settings\peterson7j\Application Data\Apple Computer
    2011-03-24 01:27 . 2011-03-24 01:27 -------- d-----w- c:\windows\system32\scripting
    2011-03-24 01:27 . 2011-03-24 01:27 -------- d-----w- c:\windows\l2schemas
    2011-03-24 01:26 . 2011-03-24 01:26 -------- d-----w- c:\windows\system32\en
    2011-03-24 01:26 . 2011-03-24 01:26 -------- d-----w- c:\windows\system32\bits
    2011-03-24 01:06 . 2011-03-24 01:06 -------- d-----w- c:\documents and settings\Cole\Application Data\Malwarebytes
    2011-03-20 17:33 . 2011-03-20 18:09 -------- d-----w- c:\documents and settings\Cole\Application Data\Apple Computer
    2011-03-20 17:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-03-20 17:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-03-20 17:30 . 2011-03-20 17:30 -------- d-----w- c:\program files\iPod
    2011-03-20 17:30 . 2011-03-20 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-03-20 17:30 . 2011-03-20 17:32 -------- d-----w- c:\program files\iTunes
    2011-03-20 17:28 . 2011-03-20 17:30 -------- d-----w- c:\program files\QuickTime
    2011-03-20 17:28 . 2011-03-20 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2011-03-20 17:27 . 2011-03-20 17:27 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Apple
    2011-03-20 17:27 . 2011-03-20 17:27 -------- d-----w- c:\program files\Apple Software Update
    2011-03-20 17:27 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-03-20 17:27 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-03-20 17:26 . 2011-03-20 17:26 -------- d-----w- c:\program files\Bonjour
    2011-03-20 17:25 . 2011-03-20 17:30 -------- d-----w- c:\program files\Common Files\Apple
    2011-03-20 17:25 . 2011-03-20 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2011-03-20 17:25 . 2011-03-20 17:25 -------- d-----w- c:\documents and settings\Cole\Local Settings\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-28 26112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
    "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
    "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-28 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-12-6 67128]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-1-5 118784]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AltiGen\\JLIB15\\jre\\bin\\java.exe"=
    "c:\\Program Files\\AltiGen\\JLIB15\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [1/5/2006 11:36 AM 58464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 9:04 PM 135664]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 6:43 PM 88176]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe --> c:\windows\system32\nlssrv32.exe [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:04]
    .
    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:04]
    .
    2011-04-14 c:\windows\Tasks\User_Feed_Synchronization-{EAB3BE99-F999-4133-87EB-4250B363BB27}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Trusted Zone: singlesrc.com\www
    Trusted Zone: singlesrc.com\www2
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-14 14:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(796)
    c:\windows\system32\IWPDGINA.DLL
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    - - - - - - - > 'lsass.exe'(1144)
    c:\windows\system32\EntApi.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(396)
    c:\windows\system32\WININET.dll
    c:\windows\system32\EntApi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\mslbui.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-04-14 15:01:52
    ComboFix-quarantined-files.txt 2011-04-14 19:01
    ComboFix2.txt 2011-04-14 18:09
    .
    Pre-Run: 12,926,353,408 bytes free
    Post-Run: 12,913,455,104 bytes free
    .
    - - End Of File - - F2ACB92B0A34EFF81EFDAC0A22153582
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I can see McAfee VirusScan Enterprise listing in Add\Remove, but it doesn't look like it's installed anymore.
    We also have:
    McAfee Security Scan Plus
    McAfee SiteAdvisor

    Both of them can be safely uninstalled.

    Please, install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update, run full scan, report on any findings.

    Combofix log looks fine now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. mpete

    mpete TS Rookie Topic Starter Posts: 50

    OTL logfile created on: 4/14/2011 9:02:23 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\peterson7j\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 49.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.93 Gb Total Space | 11.32 Gb Free Space | 33.37% Space Free | Partition Type: NTFS
    Drive E: | 121.72 Mb Total Space | 6.02 Mb Free Space | 4.95% Space Free | Partition Type: FAT

    Computer Name: JENPET2 | User Name: peterson7j | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/14 20:58:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\OTL.exe
    PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/06 09:34:02 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2005/12/28 03:31:30 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2005/11/18 10:59:44 | 000,028,672 | R--- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
    PRC - [2004/10/30 16:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2004/09/13 18:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2004/09/07 18:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2004/09/07 18:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
    PRC - [2004/09/05 18:20:18 | 000,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    PRC - [2004/08/19 16:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2004/02/11 10:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/04/14 20:58:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (nlsX86cc)
    SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
    SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/28 03:31:33 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2004/11/16 18:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/10/21 22:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
    DRV - [2004/06/30 12:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
    DRV - [2004/06/17 22:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/26 22:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;www.systemcentralcenter.com;<local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;www.systemcentralcenter.com;<local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011/04/14 14:05:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O7 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..Trusted Domains: singlesrc.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..Trusted Domains: singlesrc.com ([www2] http in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} http://www2.snapfish.com/SnapfishActivia3.cab (Snapfish Activia3)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136556179013 (MUWebControl Class)
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} http://mobile.singlesrc.com/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = singlesource.net
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel Corporation)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\peterson7j\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\peterson7j\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/17 08:16:49 | 000,000,000 | ---D | M] - C:\AUTOUPGRADETEMP -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - lvcodec2.dll File not found
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/14 21:00:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\OTL.exe
    [2011/04/14 20:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/04/14 20:45:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/04/14 20:45:07 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/04/14 20:45:06 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/04/14 20:45:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/04/14 20:45:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/04/14 20:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/04/14 20:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/04/14 13:55:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/14 13:49:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/14 13:49:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/14 13:49:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/14 13:49:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/14 13:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/14 13:48:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/12 20:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peterson7j\Local Settings\Application Data\Apple
    [2011/04/11 20:24:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\TFC.exe
    [2011/04/02 12:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\peterson7j\Application Data\Apple Computer
    [2011/03/25 20:11:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/03/23 21:27:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011/03/23 21:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011/03/23 21:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011/03/23 21:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011/03/23 21:17:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/03/23 21:09:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/03/20 13:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/03/20 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/20 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/20 13:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/03/20 13:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/03/20 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/03/20 13:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2011/03/20 13:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/03/20 13:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/20 13:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/03/20 13:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [1 C:\Documents and Settings\peterson7j\My Documents\*.tmp files -> C:\Documents and Settings\peterson7j\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\peterson7j\Desktop\*.tmp files -> C:\Documents and Settings\peterson7j\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/14 21:07:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EAB3BE99-F999-4133-87EB-4250B363BB27}.job
    [2011/04/14 20:58:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\OTL.exe
    [2011/04/14 20:46:19 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/14 20:40:48 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\avira_antivir_personal_en.exe
    [2011/04/14 20:28:55 | 000,446,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/14 20:28:55 | 000,073,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/14 20:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/14 20:24:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/14 20:23:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/14 20:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/14 20:22:57 | 000,328,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/14 20:20:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/14 20:12:19 | 002,001,974 | ---- | M] () -- C:\WINDOWS\iis6.BAK
    [2011/04/14 19:29:17 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
    [2011/04/14 14:05:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/14 13:56:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/14 13:38:28 | 004,321,060 | R--- | M] () -- C:\Documents and Settings\peterson7j\Desktop\ComboFix.exe
    [2011/04/14 12:42:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\MBRCheck.exe
    [2011/04/12 20:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/11 20:59:12 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\dds.scr
    [2011/04/11 20:58:50 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\z1rkppqf.exe
    [2011/04/08 08:59:29 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\Microsoft Office Word 2003.lnk
    [2011/04/02 15:13:01 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\Microsoft Office Excel 2003.lnk
    [2011/03/30 22:57:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\TFC.exe
    [2011/03/25 20:12:35 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/03/23 21:21:21 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
    [2011/03/23 21:15:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/22 20:56:40 | 000,054,248 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/03/20 13:32:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/03/20 13:29:49 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [1 C:\Documents and Settings\peterson7j\My Documents\*.tmp files -> C:\Documents and Settings\peterson7j\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\peterson7j\Desktop\*.tmp files -> C:\Documents and Settings\peterson7j\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/14 20:46:19 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/14 20:42:04 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\peterson7j\Desktop\avira_antivir_personal_en.exe
    [2011/04/14 13:56:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/14 13:56:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/14 13:49:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/14 13:49:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/14 13:49:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/14 13:49:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/14 13:49:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/14 13:47:35 | 004,321,060 | R--- | C] () -- C:\Documents and Settings\peterson7j\Desktop\ComboFix.exe
    [2011/04/14 12:56:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\peterson7j\Desktop\MBRCheck.exe
    [2011/04/13 20:56:39 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\peterson7j\Desktop\dds.scr
    [2011/04/11 21:00:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\peterson7j\Desktop\z1rkppqf.exe
    [2011/03/22 20:56:40 | 000,054,248 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/03/20 13:32:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/03/20 13:29:49 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/03/20 13:27:53 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/20 13:27:47 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2010/12/15 00:55:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/05/28 20:14:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\peterson7j\Application Data\$_hpcst$.hpc
    [2008/06/09 21:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/10/18 08:47:46 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\peterson7j\Application Data\88D7456F-2D0E-40AA-BDBC-7BC292A1FF1A_CONFIRM.cache
    [2007/10/18 08:47:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\88D7456F-2D0E-40AA-BDBC-7BC292A1FF1A_RUNTIME.cache
    [2007/10/18 08:17:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
    [2006/03/02 21:29:08 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\peterson7j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/16 08:29:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2006/02/16 08:29:43 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2006/02/16 08:29:43 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2006/02/16 08:29:43 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2006/02/16 08:29:43 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2006/02/16 08:29:43 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2006/02/16 08:29:43 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2006/02/16 08:29:43 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2006/02/16 08:29:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2006/02/16 08:29:43 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2006/02/16 08:29:43 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2006/02/16 08:29:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2006/02/16 08:29:43 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2006/02/16 08:29:43 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2006/02/16 08:27:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
    [2006/02/08 12:29:12 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\peterson7j\Local Settings\Application Data\fusioncache.dat
    [2006/02/03 15:51:44 | 000,001,562 | ---- | C] () -- C:\WINDOWS\checkip.dat
    [2006/01/28 13:59:55 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2006/01/10 14:27:22 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2006/01/10 14:27:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2006/01/05 14:34:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2006/01/05 14:34:09 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2006/01/05 13:41:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/05 10:26:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/12/28 03:45:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/28 03:38:27 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2005/12/28 03:34:42 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/28 03:30:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/12/28 03:28:11 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2005/12/28 03:05:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2005/12/28 03:05:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/12/28 03:05:00 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 19:06:43 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 19:00:28 | 000,446,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 19:00:28 | 000,073,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/01/06 11:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
    [2010/10/15 19:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/02/11 16:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2010/02/09 18:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
    [2011/02/04 12:18:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SIXPHIPGQCP
    [2005/12/28 03:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/03/20 13:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/05/06 16:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\.salesforce.com
    [2010/03/04 10:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\AltiGen
    [2010/06/11 10:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\E-centives
    [2006/02/03 21:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\Leadertech
    [2007/04/02 08:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\LinkedIn
    [2006/01/10 14:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\pdf995
    [2010/02/09 18:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\salesforce.com
    [2011/02/01 10:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\Unity
    [2007/01/27 13:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\Viewpoint
    [2010/05/25 19:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\webex
    [2011/04/14 21:07:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EAB3BE99-F999-4133-87EB-4250B363BB27}.job

    ========== Purity Check ==========
     
  16. mpete

    mpete TS Rookie Topic Starter Posts: 50

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/04 09:34:34 | 001,797,628 | ---- | M] () -- C:\AltiGenJLIB.log
    [2008/03/24 13:07:52 | 000,872,212 | ---- | M] () -- C:\AltiView.log
    [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/01/05 10:19:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/14 13:56:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/14 15:01:54 | 000,011,219 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/12/28 03:08:44 | 000,005,213 | RH-- | M] () -- C:\dell.sdr
    [2006/01/10 12:13:54 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/12/28 03:32:12 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
    [2010/03/17 07:43:39 | 002,732,088 | ---- | M] () -- C:\MaxCommunicator.log
    [2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/03/23 21:15:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/03/24 13:05:52 | 000,000,000 | ---- | M] () -- C:\openfw.log
    [2011/04/14 20:22:42 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/20 19:54:07 | 000,004,614 | ---- | M] () -- C:\Rescued document.txt
    [2006/03/22 17:57:36 | 000,000,516 | ---- | M] () -- C:\Settings.ini
    [2007/10/29 09:23:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/02/09 00:13:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/02/23 11:46:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2008/02/23 11:46:57 | 000,000,172 | -H-- | M] () -- C:\sqmdata03.sqm
    [2008/02/23 11:46:57 | 000,000,172 | -H-- | M] () -- C:\sqmdata04.sqm
    [2008/03/24 12:18:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/03/26 23:16:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2008/04/10 17:27:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2008/05/20 09:31:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2008/05/20 22:25:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2008/05/21 13:16:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2008/05/22 10:50:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/04/03 09:33:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/05/17 15:38:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/05/17 15:53:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/05/17 16:02:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2007/10/29 09:23:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/02/09 00:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2008/02/23 11:46:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2008/02/23 11:46:57 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2008/02/23 11:46:57 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2008/03/24 12:18:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/03/26 23:16:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2008/04/10 17:27:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2008/05/20 09:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2008/05/20 22:25:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2008/05/21 13:16:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2008/05/22 10:50:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/04/03 09:33:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/05/17 15:38:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/05/17 15:53:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/05/17 16:02:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2005/12/28 03:32:27 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2010/03/03 16:16:06 | 000,008,380 | ---- | M] () -- C:\tempcmdlog.log
    [2010/02/01 15:13:50 | 000,020,666 | ---- | M] () -- C:\tempcmdlog.log.bak
    [2010/03/03 12:01:08 | 000,015,533 | ---- | M] () -- C:\tempcmdlog.log.err

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 19:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/03/23 21:29:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/01/05 10:56:10 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\peterson7j\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 19:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\peterson7j\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/14 20:40:48 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\avira_antivir_personal_en.exe
    [2011/04/14 13:38:28 | 004,321,060 | R--- | M] () -- C:\Documents and Settings\peterson7j\Desktop\ComboFix.exe
    [2008/08/12 08:48:44 | 242,743,296 | R--- | M] (Microsoft Corporation) -- C:\Documents and Settings\peterson7j\Desktop\dotnetfx35_SP1_Full.exe
    [2006/01/16 12:33:18 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\LCCU_4.0.3.12.exe
    [2010/12/11 14:09:18 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\peterson7j\Desktop\mbam-setup-1.50.0.0.exe
    [2011/04/14 12:42:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\MBRCheck.exe
    [2011/04/14 20:58:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\OTL.exe
    [2011/03/30 22:57:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\peterson7j\Desktop\TFC.exe
    [2011/04/11 20:58:50 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\peterson7j\Desktop\z1rkppqf.exe
    [1 C:\Documents and Settings\peterson7j\Desktop\*.tmp files -> C:\Documents and Settings\peterson7j\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2006/06/22 15:16:22 | 006,599,680 | ---- | M] () -- C:\Documents and Settings\peterson7j\My Documents\DingInstall.exe
    [2010/02/06 11:56:50 | 004,640,840 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\peterson7j\My Documents\R128346.EXE
    [2010/02/06 11:56:42 | 005,696,136 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\peterson7j\My Documents\R143248.EXE
    [2010/02/06 11:56:23 | 000,679,552 | ---- | M] () -- C:\Documents and Settings\peterson7j\My Documents\R95342.EXE
    [1 C:\Documents and Settings\peterson7j\My Documents\*.tmp files -> C:\Documents and Settings\peterson7j\My Documents\*.tmp -> ]

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/01/05 10:56:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\peterson7j\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/29 09:28:17 | 000,003,664 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/14 21:11:23 | 001,474,560 | ---- | M] () -- C:\Documents and Settings\peterson7j\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/22 19:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2004/10/29 23:56:50 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 2
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  17. mpete

    mpete TS Rookie Topic Starter Posts: 50

    OTL Extras logfile created on: 4/14/2011 9:02:24 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\peterson7j\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 49.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.93 Gb Total Space | 11.32 Gb Free Space | 33.37% Space Free | Partition Type: NTFS
    Drive E: | 121.72 Mb Total Space | 6.02 Mb Free Space | 4.95% Space Free | Partition Type: FAT

    Computer Name: JENPET2 | User Name: peterson7j | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Altigen\JLIB15\jre\bin\java.exe" = C:\Program Files\Altigen\JLIB15\jre\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
    "C:\Program Files\Altigen\JLIB15\jre\bin\javaw.exe" = C:\Program Files\Altigen\JLIB15\jre\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AltiGen\JLIB15\jre\bin\java.exe" = C:\Program Files\AltiGen\JLIB15\jre\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
    "C:\Program Files\AltiGen\JLIB15\jre\bin\javaw.exe" = C:\Program Files\AltiGen\JLIB15\jre\bin\javaw.exe:*:Enabled:javaw -- (Sun Microsystems, Inc.)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2C5F4884-62AB-4B32-ADB2-BD3D71760CD6}" = OutlookAccessAddInSetup
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{51DD0602-CD28-4AA9-84BB-B8F8FC2F4DA5}" = Mindjet MindManager Pro 6
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8552FD97-5A8E-46F4-9AD8-72A275F1ACCB}" = Microsoft Unified Communications Client API SDK
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DF6B8EA9-32CF-4937-BADF-6CF43313C9FC}" = mGina
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 9.94 Free Edition
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "EPSON Scanner" = EPSON Scan
    "HP Officejet 7300 series_Driver" = HP Officejet 7300 series
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Pdf995" = Pdf995
    "PDF-XChange 3_is1" = PDF-XChange 3.0
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 6.0" = RealPlayer Basic
    "UnityWebPlayer" = Unity Web Player
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "Windows Live Safety scanner" = Windows Live Safety scanner
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZip" = WinZip
    "WMCSetup" = Windows Media Connect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/14/2011 12:42:38 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 4/14/2011 1:21:11 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 4/14/2011 1:38:28 PM | Computer Name = JENPET2 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/14/2011 7:22:29 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 4/14/2011 7:22:46 PM | Computer Name = JENPET2 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 4/14/2011 7:23:08 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 4/14/2011 7:29:39 PM | Computer Name = JENPET2 | Source = Alert Manager Event Interface | ID = 257
    Description =

    Error - 4/14/2011 8:23:36 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 4/14/2011 8:23:38 PM | Computer Name = JENPET2 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 4/14/2011 8:23:50 PM | Computer Name = JENPET2 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    [ System Events ]
    Error - 4/11/2011 9:05:56 PM | Computer Name = JENPET2 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 4/11/2011 9:06:38 PM | Computer Name = JENPET2 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 4/12/2011 12:35:17 AM | Computer Name = JENPET2 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain SINGLESOURCE due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 4/12/2011 4:35:18 AM | Computer Name = JENPET2 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain SINGLESOURCE due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 4/12/2011 8:03:45 AM | Computer Name = JENPET2 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
    to connect.

    Error - 4/12/2011 8:03:45 AM | Computer Name = JENPET2 | Source = Service Control Manager | ID = 7000
    Description = The Pml Driver HPZ12 service failed to start due to the following
    error: %%1053

    Error - 4/12/2011 8:03:46 AM | Computer Name = JENPET2 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
    to connect.

    Error - 4/12/2011 8:03:46 AM | Computer Name = JENPET2 | Source = Service Control Manager | ID = 7000
    Description = The Pml Driver HPZ12 service failed to start due to the following
    error: %%1053

    Error - 4/12/2011 8:35:18 AM | Computer Name = JENPET2 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain SINGLESOURCE due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.

    Error - 4/12/2011 12:35:18 PM | Computer Name = JENPET2 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain SINGLESOURCE due to the
    following: %%1311. Make sure that the computer is connected to the network and try
    again.
    If the problem persists, please contact your domain administrator.


    < End of report >
     
  18. mpete

    mpete TS Rookie Topic Starter Posts: 50

    Broni,
    Computer seems to be running better, however I have had numerous problems trying to download some of the applications when in IE. The programs will begin and go through the download process and then stop at 99% of the download on the counter. I have waited as long as 5 minutes for the download to finish, but it doesn't. I know when I went through this process before none of the applications took any longer than a minute to download. I don't know what causes this?
    Thanks,
    Mark
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Let me know how that issue is, when we're totally done.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;www.systemcentralcenter.com;<local>
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.0.1;www.systemcentralcenter.com;<local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O15 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..Trusted Domains: singlesrc.com ([www] http in Trusted sites)
      O15 - HKU\S-1-5-21-1953962534-1369401885-1544898942-2767\..Trusted Domains: singlesrc.com ([www2] http in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\peterson7j\My Documents\*.tmp files -> C:\Documents and Settings\peterson7j\My Documents\*.tmp -> ]
      [1 C:\Documents and Settings\peterson7j\Desktop\*.tmp files -> C:\Documents and Settings\peterson7j\Desktop\*.tmp -> ]
      [2005/12/28 03:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/01/27 13:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\peterson7j\Application Data\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. mpete

    mpete TS Rookie Topic Starter Posts: 50

    Broni,

    The download is stuck again, is there another way to get Java updated...it's been 15 minutes
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Do you have another browser installed?

    Do you have another working computer and USB stick, so we can use them to download and transfer files?
     
  22. mpete

    mpete TS Rookie Topic Starter Posts: 50

    I believe this is the only browser, I can use another computer for this, but how can I tell Java which one I need version 6 update 24?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK, run OTL fix first.

    See, if you have same problem with downloading after running OTL fix and restarting computer.
    We'll go from there....
     
  24. mpete

    mpete TS Rookie Topic Starter Posts: 50

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1953962534-1369401885-1544898942-2767\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\singlesrc.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1953962534-1369401885-1544898942-2767\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\singlesrc.com\www2\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\peterson7j\My Documents\~WRL2814.tmp deleted successfully.
    C:\Documents and Settings\peterson7j\Desktop\~WRL0372.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\peterson7j\Application Data\Viewpoint folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Cole
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: henry6p
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jennifer
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: peterson7j
    ->Temp folder emptied: 1425962 bytes
    ->Temporary Internet Files folder emptied: 75822217 bytes
    ->Java cache emptied: 9166 bytes
    ->Flash cache emptied: 1609 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4290451 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13723296 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 91.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Cole
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: henry6p
    ->Flash cache emptied: 0 bytes

    User: Jennifer
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: peterson7j
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04152011_185352

    Files\Folders moved on Reboot...
    C:\Documents and Settings\peterson7j\Local Settings\Temp\WCESLog.log moved successfully.

    Registry entries deleted on Reboot...
     
  25. mpete

    mpete TS Rookie Topic Starter Posts: 50

    Going to try updating Java now. I noticed on the start-up it is taking a while; are there any processes I can eliminate to speed that up?
     
Topic Status:
Not open for further replies.
