TechSpot

Posting Logs - redirect and hidden files virus

By wvpurplegal
May 25, 2011
  1. I've had some problems with my computer: almost all of my files and desktop icons are hidden, and I'm being redirected to random websites. Also, a window saying that an error has occurred with Windows pops up and shuts down Explorer.

    I've followed the steps and here is my Malwarebytes log. My other logs (GMER) are too long to fit? Thanks for any help. Tina

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6675

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/25/2011 1:54:19 PM
    mbam-log-2011-05-25 (13-54-19).txt

    Scan type: Quick scan
    Objects scanned: 172560
    Time elapsed: 12 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\tlxbxuudsbf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\RECYCLER\s-1-5-21-1106919386-3255234024-250490514-1007\Dc11.com (Trojan.BankerBot.Gen) -> Quarantined and deleted successfully.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    If a log exceeds the 50,000-character post limit, split it between a couple of replies.

    To help with your hidden files...
    Download and run UnHide
     
  3. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    GMER log

    OK, downloaded and running UnHide; here is GMER.

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-25 17:00:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3120026AS rev.8.05
    Running: g707kvqb.exe; Driver: C:\DOCUME~1\comers\LOCALS~1\Temp\pxtdapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT AC7DCABE ZwCreateKey
    SSDT AC7DCAB4 ZwCreateThread
    SSDT AC7DCAC3 ZwDeleteKey
    SSDT AC7DCACD ZwDeleteValueKey
    SSDT AC7DCAD2 ZwLoadKey
    SSDT AC7DCAA0 ZwOpenProcess
    SSDT AC7DCAA5 ZwOpenThread
    SSDT AC7DCADC ZwReplaceKey
    SSDT AC7DCAD7 ZwRestoreKey
    SSDT AC7DCAC8 ZwSetValueKey

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF76AE184]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF76AE0CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF76AE0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF76AE0B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF76AE112]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF76AE15A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF76AE1AE]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF76AE19A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF76AE16E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 80515AB2 7 Bytes JMP F76AE172 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP F76AE0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A7A9 5 Bytes JMP F76AE19E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC21 7 Bytes JMP F76AE188 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 8057F93A 5 Bytes JMP F76AE0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058E8B1 5 Bytes JMP F76AE1B2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 80596743 5 Bytes JMP F76AE0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetSecurityObject 805E8694 5 Bytes JMP F76AE15E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8065684C 7 Bytes JMP F76AE116 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    ? icrlmmin.sys The system cannot find the file specified. !
    INITc VolSnap.sys F77DCBD0 4 Bytes [82, AA, 4D, 80]
    INITc VolSnap.sys F77DCBF8 4 Bytes [E6, 7D, 4E, 80]
    INITc VolSnap.sys F77DCC21 3 Bytes [C4, 4D, 80] {LES ECX, DWORD [EBP-0x80]}
    INITc VolSnap.sys F77DCC48 4 Bytes [96, 34, 4E, 80]
    INITc VolSnap.sys F77DCC70 4 Bytes [F6, 14, 4E, 80]
    INITc ...
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6969340, 0xFD9DF, 0xF8000020]
    init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B9C760]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x2342C0, 0xF8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FEF
    .text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0009000A
    .text C:\WINDOWS\System32\svchost.exe[184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FD4
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F77
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F92
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FA3
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FC0
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FDB
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F46
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B008E
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EFF
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F10
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0EEE
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0062
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B007D
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0047
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B002C
    .text C:\WINDOWS\System32\svchost.exe[184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F35
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0025
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A005B
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A000A
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F9E
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0FAF
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
    .text C:\WINDOWS\System32\svchost.exe[184] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0036
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FB4
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F003F
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0FEF
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F002E
    .text C:\WINDOWS\System32\svchost.exe[184] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F000C
    .text C:\WINDOWS\System32\svchost.exe[184] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0000
    .text C:\WINDOWS\System32\svchost.exe[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0FEF
    .text C:\WINDOWS\System32\svchost.exe[276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\System32\svchost.exe[276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE0FD4
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD007D
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0F92
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD006C
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD005B
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FB9
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F66
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD0F77
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD0F29
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD0F44
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0F0E
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0040
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FE5
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0098
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0025
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FD4
    .text C:\WINDOWS\System32\svchost.exe[276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F55
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FDE
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0080
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0025
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC006F
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BC0FC3
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 88]
    .text C:\WINDOWS\System32\svchost.exe[276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC004A
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0F84
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0F95
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0FC1
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FA6
    .text C:\WINDOWS\System32\svchost.exe[276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FDE
    .text C:\WINDOWS\System32\svchost.exe[276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\System32\svchost.exe[276] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FA0000
    .text C:\WINDOWS\System32\svchost.exe[276] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FA0011
    .text C:\WINDOWS\System32\svchost.exe[276] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FA0022
    .text C:\WINDOWS\System32\svchost.exe[276] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00FA0FD1
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C4000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C1000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C0000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C2000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C3000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B064C0
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B066C0
    .text C:\WINDOWS\Explorer.EXE[712] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 019B0000
    .text C:\WINDOWS\Explorer.EXE[712] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 019B002C
    .text C:\WINDOWS\Explorer.EXE[712] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 019B001B
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019A000A
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 019A0098
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 019A0FA3
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 019A0087
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 019A006C
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 019A0051
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 019A00DA
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 019A0F92
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019A0117
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019A0106
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019A0F59
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 019A0FD4
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019A0025
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 019A00BD
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 019A0FE5
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 019A0040
    .text C:\WINDOWS\Explorer.EXE[712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019A00F5
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01990FC3
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01990076
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0199000A
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01990FDE
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0199005B
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01990FEF
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01990040
    .text C:\WINDOWS\Explorer.EXE[712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0199002F
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01970FB0
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 01970FC1
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01970027
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01970FEF
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01970FD2
    .text C:\WINDOWS\Explorer.EXE[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0197000C
    .text C:\WINDOWS\Explorer.EXE[712] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 017C0FE5
    .text C:\WINDOWS\Explorer.EXE[712] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 017C000A
    .text C:\WINDOWS\Explorer.EXE[712] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 017C001B
    .text C:\WINDOWS\Explorer.EXE[712] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 017C0036
    .text C:\WINDOWS\Explorer.EXE[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0196000A
    .text C:\WINDOWS\system32\services.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01500000
    .text C:\WINDOWS\system32\services.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01500FEF
    .text C:\WINDOWS\system32\services.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01500025
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014F0000
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014F0069
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 014F0F74
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 014F0058
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 014F0F9B
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 014F002C
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014F0F4F
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014F0097
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014F0F23
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014F0F34
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014F00D7
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 014F003D
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 014F001B
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 014F007A
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 014F0FC0
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 014F0FDB
    .text C:\WINDOWS\system32\services.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014F00B2
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014E0FDB
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014E0065
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014E002C
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014E001B
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014E0FA8
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014E000A
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014E0FB9
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6E, 89]
    .text C:\WINDOWS\system32\services.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014E0FCA
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF003D
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FB2
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0022
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0FCD
    .text C:\WINDOWS\system32\services.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0011
    .text C:\WINDOWS\system32\services.exe[1452] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FD0000
    .text C:\WINDOWS\system32\services.exe[1452] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FD0011
    .text C:\WINDOWS\system32\services.exe[1452] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FD0FD1
    .text C:\WINDOWS\system32\services.exe[1452] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00FD0FC0
    .text C:\WINDOWS\system32\services.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\system32\lsass.exe[1464] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00ED000A
    .text C:\WINDOWS\system32\lsass.exe[1464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00ED0025
    .text C:\WINDOWS\system32\lsass.exe[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ED0FEF
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0FE5
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0F87
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0086
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0075
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0058
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0FCA
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC0F6C
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC00B2
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC00E3
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0F4A
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EC00F4
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EC0047
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EC000A
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EC00A1
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EC0036
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EC0025
    .text C:\WINDOWS\system32\lsass.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EC0F5B
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EB0036
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EB0FB9
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EB0FE5
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EB0011
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EB0FCA
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EB0000
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EB006C
    .text C:\WINDOWS\system32\lsass.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EB0051
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0FAF
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA0FCA
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA0029
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA003A
    .text C:\WINDOWS\system32\lsass.exe[1464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FEF
    .text C:\WINDOWS\system32\lsass.exe[1464] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20FE5
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CC002C
    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC001B
     
  4. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    More GMER log

    .text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC001B
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB000A
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0FB9
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB00A4
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0087
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0FCA
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB005B
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0F8D
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB00D5
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB0F46
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F61
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB0F2B
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB006C
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB0FEF
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB0F9E
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB004A
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB0025
    .text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB0F7C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FE5
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0FA5
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE002C
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE001B
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0062
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0FC0
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
    .text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE0047
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0038
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0FB7
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FD2
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FEF
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0027
    .text C:\WINDOWS\system32\svchost.exe[1676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD000C
    .text C:\WINDOWS\system32\svchost.exe[1676] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EE0FEF
    .text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EE0014
    .text C:\WINDOWS\system32\svchost.exe[1760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE0FDE
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0000
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0F66
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED0F77
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0F88
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0051
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0FAF
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0F41
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED007D
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED00C2
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED0F1F
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED00D3
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0036
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FE5
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED006C
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FD4
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0025
    .text C:\WINDOWS\system32\svchost.exe[1760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED0F30
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC001B
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC005B
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FCA
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC0000
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0F9E
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FAF
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
    .text C:\WINDOWS\system32\svchost.exe[1760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0036
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB003F
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB002E
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB001D
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0FBE
    .text C:\WINDOWS\system32\svchost.exe[1760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB000C
    .text C:\WINDOWS\system32\svchost.exe[1760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0000
    .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC0FE5
    .text C:\WINDOWS\System32\svchost.exe[1872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC001B
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F81
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F9C
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0FAD
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0076
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0051
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F53
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB009B
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F13
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F2E
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00BD
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FD4
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB000A
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F70
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0040
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB001B
    .text C:\WINDOWS\System32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00AC
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FAF
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F83
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD4
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F94
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0093000A
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930036
    .text C:\WINDOWS\System32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930025
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F8B
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920016
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC1
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FA6
    .text C:\WINDOWS\System32\svchost.exe[1872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FD2
    .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
    .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900011
    .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FE5
    .text C:\WINDOWS\System32\svchost.exe[1872] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0090002C
    .text C:\WINDOWS\System32\svchost.exe[1872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02A30FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02A30FC3
    .text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02A30FD4
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A2000A
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A2007F
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A2006E
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A20051
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A20F94
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A20036
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A200B7
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A20F6F
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A200DC
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A20F43
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A20F32
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02A20FA5
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02A20FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02A2009A
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02A20FCA
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02A2001B
    .text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02A20F54
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02A10FCA
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02A1006C
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02A1001B
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02A10000
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02A10FA5
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02A10FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02A10047
    .text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02A10036
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02A00FCD
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!system 77C293C7 5 Bytes JMP 02A00FDE
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02A00044
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02A0000C
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02A00FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02A00029
    .text C:\WINDOWS\System32\svchost.exe[1956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 029F0FE5
    .text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 029E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 029E000A
    .text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 029E001B
    .text C:\WINDOWS\System32\svchost.exe[1956] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 029E0FCA
    .text C:\WINDOWS\System32\svchost.exe[2008] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008D0FEF
    .text C:\WINDOWS\System32\svchost.exe[2008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008D0025
    .text C:\WINDOWS\System32\svchost.exe[2008] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008D000A
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C000A
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C00B3
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C008E
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0FB4
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C007D
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0058
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C00F5
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C00CE
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0F6D
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C0F88
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C0121
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C0FD1
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C001B
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C0FA3
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0047
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C002C
    .text C:\WINDOWS\System32\svchost.exe[2008] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C0106
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B0FCA
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0FAF
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B001B
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B000A
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B006C
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0FEF
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008B0051
    .text C:\WINDOWS\System32\svchost.exe[2008] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B002C
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A0F75
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0F90
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A0FB5
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0FE3
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A000A
    .text C:\WINDOWS\System32\svchost.exe[2008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0FC6
    .text C:\WINDOWS\System32\svchost.exe[2008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00890000
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[2876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\System32\svchost.exe[3312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C10000
    .text C:\WINDOWS\System32\svchost.exe[3312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C10022
    .text C:\WINDOWS\System32\svchost.exe[3312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C10011
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00073
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00062
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00F8A
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F9B
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00047
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000A9
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F6D
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F2E
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F3F
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F1D
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00FC0
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00011
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00098
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00036
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FDB
    .text C:\WINDOWS\System32\svchost.exe[3312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00F50
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0FA8
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0047
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FB9
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0036
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0025
    .text C:\WINDOWS\System32\svchost.exe[3312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0014
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0069
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE004E
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE002C
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE003D
    .text C:\WINDOWS\System32\svchost.exe[3312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0011
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00C4000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C1000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C0000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C2000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00C3000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B064C0
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3964] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B066C0

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3104] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[3104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat A884CD20

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:140] 87705E7A
    Thread System [4:144] 87708008

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0

    ---- EOF - GMER 1.0.15 ----
     
  5. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    dds log

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by comers at 10:47:56 on 2011-05-26
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.472 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
    C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\PHILIP~1\USBCON~1.EXE
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    svchost.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Documents and Settings\comers\Desktop\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101106133202.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BestPopUpKiller] c:\program files\bestpopupkiller\BestPopupKiller.exe /startup
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [/AutoLaunchHDD70] c:\program files\philips\hdddmm\dmm\bin\AutoLaunchHDD70.exe
    mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
    mRun: [A Verizon App] c:\progra~1\verizo~1\helpsu~1\VERIZO~1.EXE
    mRun: [Motive SmartBridge] c:\progra~1\verizo~1\helpsu~1\smartb~1\MotiveSB.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\comers\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
    mPolicies-explorer: <NO NAME> =
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: musicmatch.com
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226253832062
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.8275
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-17 386840]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-25 11608]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-3-17 84072]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-25 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-25 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-25 61960]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-3-17 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-3-17 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-3-17 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-3-17 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-3-17 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-17 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-17 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-3-17 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-3-17 88544]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-3-17 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-17 84264]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-30 40552]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840]
    .
    =============== Created Last 30 ================
    .
    2011-05-25 17:14:21 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-25 17:14:20 -------- d-----w- c:\program files\Avira
    2011-05-25 17:14:20 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-05-25 14:30:05 -------- d-sh--w- c:\documents and settings\comers\IECompatCache
    2011-05-23 14:07:36 -------- d-----w- c:\documents and settings\comers\application data\start
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2010-03-10 01:16:46 293376 ----a-w- c:\program files\szo8idkt.exe
    2009-04-07 18:24:42 3089984 ----a-w- c:\program files\PhotomatixPro313.exe
    2006-11-18 13:25:53 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8771C1ED]<<
    _asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0xf7; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8779EAB8]
    3 CLASSPNP[0xF77E1FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP1T0L0-17[0x87783D98]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi -> 0x8771c1ed
    user != kernel MBR !!!
    Warning: possible MBR rootkit infection !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 10:48:50.85 ===============
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  7. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/3/2004 1:51:55 PM
    System Uptime: 5/27/2011 8:29:46 AM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0M2035
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 50.799 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 111.684 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP114: 2/16/2011 6:38:09 PM - System Checkpoint
    RP115: 2/21/2011 7:24:48 PM - System Checkpoint
    RP116: 3/2/2011 2:24:56 PM - System Checkpoint
    RP117: 3/12/2011 1:00:20 PM - Software Distribution Service 3.0
    RP118: 3/14/2011 10:28:51 AM - System Checkpoint
    RP119: 3/16/2011 3:41:29 PM - System Checkpoint
    RP120: 3/17/2011 5:16:15 PM - Software Distribution Service 3.0
    RP121: 3/30/2011 1:00:17 PM - Software Distribution Service 3.0
    RP122: 3/31/2011 2:28:44 PM - System Checkpoint
    RP123: 4/12/2011 12:25:04 PM - System Checkpoint
    RP124: 4/14/2011 12:20:35 PM - System Checkpoint
    RP125: 4/14/2011 4:02:52 PM - Software Distribution Service 3.0
    RP126: 4/18/2011 12:06:21 PM - System Checkpoint
    RP127: 4/21/2011 1:00:17 PM - Software Distribution Service 3.0
    RP128: 4/25/2011 11:47:14 AM - System Checkpoint
    RP129: 4/28/2011 5:55:32 PM - Software Distribution Service 3.0
    RP130: 5/4/2011 11:21:36 AM - System Checkpoint
    RP131: 5/6/2011 9:59:49 PM - System Checkpoint
    RP132: 5/12/2011 1:00:17 PM - Software Distribution Service 3.0
    RP133: 5/15/2011 11:56:46 AM - System Checkpoint
    RP134: 5/17/2011 8:58:12 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    3ivx MPEG-4 5.0.3 (remove only)
    5500
    5500_Help
    5500Tour
    5500Trb
    6100
    6100_Help
    6100Tour
    6100Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 2.0
    Adobe Media Player
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop Elements 4.0
    Adobe Photoshop Elements Digital Home
    Adobe Reader 9.4.1
    Adobe Shockwave Player
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    Avira AntiVir Personal - Free Antivirus
    BACS
    Banctec Service Agreement
    BlackBerry Media Sync
    BlackBerry® Media Sync
    Bonjour
    Broadcom Advanced Control Suite
    Calling all Titans! (remove only)
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.0
    Canon Utilities Digital Photo Professional 3.1
    Canon Utilities EOS Capture 1.5
    Canon Utilities EOS Utility
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Consumer Complete Care Services Agreement
    Copy
    CreativeProjects
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support Center (Support Software)
    DellSupport
    Director
    DocProc
    DVDSentry
    EOS Capture 1.5
    ERUNT 1.1j
    Facebook Plug-In
    Fax
    File Uploader
    Flickr Uploadr 3.0.5
    FlipShare
    FranklinCovey ScoreboardPlus
    Help and Support Customization
    Hide IP Platinum 1.75
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo & Imaging 3.1
    HP PSC & OfficeJet 3.0
    hpmdtab
    HPSystemDiagnostics
    Image Transfer
    ImageMixer for Sony
    InstantShare
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    Internet Explorer Q903235
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8 Dell Edition
    Java Auto Updater
    Java(TM) 6 Update 18
    JumpStart Learning Games ABC's
    Kids Cam Sticker Factory
    Malwarebytes' Anti-Malware
    McAfee AntiVirus Plus
    McAfee Virtual Technician
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MicroStaff WINASPI
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Move Media Player
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Musicmatch® Jukebox
    Nikon Message Center
    Nikon Transfer
    NVIDIA Windows 2000/XP Display Drivers
    OTOY
    Overland
    Pencil-Pal First Grade
    Personal Ancestral File 5
    Philips DMM
    Photo Explosion
    PhotoGallery
    Photomatix Pro version 3.1.2
    Picture Control Utility
    Picture Package Music Transfer
    PowerDVD
    PrintScreen
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealArcade
    RealOne Player
    RealTime Cookie Cleaner v2.5
    ROES.whcc
    Scan
    Scholastic's I SPY Junior
    Scooby-Doo(TM), Jinx At The Sphinx(TM)
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    SkinsHP1
    SkinsHP2
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sony Picture Utility
    Sony USB Driver
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    TrayApp
    Unity Web Player
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Online DSL
    Verizon Online Help & Support
    VGA Dual-Mode Camera
    ViewNX
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 07/18/2006 2.0.1.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Mobile® Device Handbook
    Windows XP Service Pack 3
    WordPerfect Office 11
    Yahoo! Mail Quick Select Tool (PhotoMail)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/26/2011 10:21:33 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0007E94C3E09 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/25/2011 10:19:41 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.2, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    5/25/2011 1:11:44 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    5/25/2011 1:11:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\comers\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    5/25/2011 1:11:44 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    5/23/2011 9:01:39 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/20/2011 9:24:45 AM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.6, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    .
    ==== End Of File ===========================
     
  8. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

Yes, I did run the Unhide and now my folders are back, thank you. And I also uninstalled McAfee. The Avira that I'm running scanned and found this virus "A0016863.com in TR/Trash.Gen" today.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very well :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  10. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    aswmbr log

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-28 07:10:00
    -----------------------------
    07:10:00.218 OS Version: Windows 5.1.2600 Service Pack 3
    07:10:00.218 Number of processors: 1 586 0x209
    07:10:00.218 ComputerName: DELL UserName:
    07:10:01.046 Initialize success
    07:10:06.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    07:10:06.031 Disk 0 Vendor: ST3120026AS 8.05 Size: 114440MB BusType: 3
    07:10:06.031 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
    07:10:06.046 Disk 1 Vendor: ST3120026AS 8.05 Size: 114440MB BusType: 3
    07:10:08.046 Disk 0 MBR read successfully
    07:10:08.046 Disk 0 MBR scan
    07:10:08.046 Disk 0 Windows XP default MBR code
    07:10:10.046 Disk 0 scanning sectors +234372285
    07:10:10.062 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:10:19.171 Service scanning
    07:10:20.546 Disk 0 trace - called modules:
    07:10:20.562 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x873191ed]<<
    07:10:20.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873caab8]
    07:10:20.562 3 CLASSPNP.SYS[f7821fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8738db00]
    07:10:21.078 \Driver\atapi[0x873986e8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x873191ed
    07:10:21.078 Scan finished successfully
    07:11:37.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\comers\Desktop\MBR.dat"
    07:11:37.843 The log file has been saved successfully to "C:\Documents and Settings\comers\Desktop\aswMBRlog.txt"
     
  11. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    Rootkit Unhooker log

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3338240 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.02 )
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2265088 bytes
    0x804D7000 RAW 2265088 bytes
    0x804D7000 WMIxWDM 2265088 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF65A8000 C:\WINDOWS\system32\drivers\P16X.sys 1298432 bytes (Creative Technology Ltd., WDM Audio Miniport)
    0xF6963000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1265664 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 )
    0xF67B8000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
    0xF66E5000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
    0xF64A6000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xF765F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB257F000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xEF2B7000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB2664000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB1008000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF341000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB10B0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF7792000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB1FAC000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF7632000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB02F6000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB25EF000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6902000 C:\WINDOWS\System32\DRIVERS\b57xp32.sys 167936 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
    0xB263C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB2533000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xB2559000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF6560000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xF6584000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF692B000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF68DF000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB261A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80700000 ACPI_HAL 134400 bytes
    0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF772A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7762000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF7618000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB20C9000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF774A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB251B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB20E2000 C:\WINDOWS\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF76EC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF648F000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB210F000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0xF7703000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
    0xB20FA000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB1F47000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF654C000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF694F000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB26BD000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF7718000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7781000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF647E000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xEF731000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF6CBD000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7881000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF7841000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF6CFD000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xEF711000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF723B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF724B000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
    0xF6CAD000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xEE011000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF0551000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7851000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF7821000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF721B000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF6C9D000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7801000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF6C7D000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7861000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
    0xB0551000 C:\DOCUME~1\comers\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xEF761000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF6CED000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF77F1000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF6C8D000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF219C000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF77E1000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF0561000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF4F0A000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF6CDD000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
    0xF7811000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF725B000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF6C6D000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xEF791000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB07A9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF7831000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF5B09000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xEF721000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7AA1000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF00BC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF7A91000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7AA9000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF7A61000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF7B79000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7AC1000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF7AB1000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7A99000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
    0xF7AB9000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF00B4000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xF00D4000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF7A89000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF00CC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xEDC90000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0xF00E4000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF00C4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF7AD9000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
    0xF7A69000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF57D1000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF57C9000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7AC9000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF61D7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF0A45000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xEF43A000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xEEF3C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF75CB000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF7CD1000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7BF1000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF6331000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF75CF000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
    0xF57C1000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xF75C3000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF75C7000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7D2B000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
    0xEBAC5000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
    0xECC26000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xECF78000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
    0xEF7FF000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
    0xEF803000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xECF82000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7CE1000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7D29000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
    0xEBACB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF081C000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF7D5B000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
    0xEBAC9000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7D27000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF7CFF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7D05000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xEC317000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7CE3000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7F2E000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF4363000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xEB318000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7DA9000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7E7A000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF3E90000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================
    0x8731AA91 Unknown page with executable code, 1391 bytes
    0x03B70000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x86BD6860 ] PID: 488, 28672 bytes
    0x87319288 Unknown page with executable code, 3448 bytes
    0x8731B191 Unknown page with executable code, 3695 bytes
    0x03950000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x86BD6860 ] PID: 488, 45056 bytes
    0xF7801000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
    0x8731DE7A Unknown thread object [ ETHREAD 0x872588C8 ] TID: 120, 600 bytes
    0x87320008 Unknown thread object [ ETHREAD 0x87258650 ] TID: 124, 600 bytes
    0x8731F0DE Unknown thread object [ ETHREAD 0x872583D8 ] , 600 bytes
    0x8731DB45 Unknown thread object [ ETHREAD 0x87259020 ] , 600 bytes
    0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x86BD6860 ] PID: 488, 77824 bytes
    0x8731FCDC Unknown page with executable code, 804 bytes
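    As an added illustration (not code from this thread or from either tool), here is the check that aswMBR's `>>UNKNOWN<<` marker and RkU's Stealth section stand for: resolve the address that a driver's IRP dispatch points at against the loaded-driver map from the RkU `>Drivers` list, and flag any target that falls outside every listed image. The sample lines are a constructed subset of the two logs above; the 64 KiB proximity test between the hook target and RkU's "Unknown page with executable code" entries is my own heuristic, not something either tool reports.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample input: a subset of the RkU ">Drivers" section posted above.
RKU_DRIVERS = r"""
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0xF7821000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7811000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF774A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7801000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
"""

# Constructed sample input: a subset of the RkU ">Stealth" section posted above.
RKU_STEALTH = r"""
0x8731AA91 Unknown page with executable code, 1391 bytes
0x87319288 Unknown page with executable code, 3448 bytes
0xF7801000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
"""

# Constructed sample input: the "trace - called modules" lines from the aswMBR log above.
ASWMBR_TRACE = r"""
07:10:20.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873caab8]
07:10:20.562 3 CLASSPNP.SYS[f7821fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8738db00]
07:10:21.078 \Driver\atapi[0x873986e8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x873191ed
"""

# "<base> <image path, may contain spaces> <size> bytes ..."
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(.+?)\s+(\d+) bytes")
# "<addr> <description>, <size> bytes"
STEALTH_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(.*?),\s+(\d+) bytes")
# "\Driver\<name>[<obj>] -> IRP_MJ_<x> -> 0x<dispatch target>"
DISPATCH_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> 0x([0-9A-Fa-f]+)")


def parse_modules(text: str) -> List[Tuple[int, int, str]]:
    """Return (base, size, file name) for every loaded-image line in an RkU driver list."""
    mods = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            base, image, size = int(m.group(1), 16), m.group(2), int(m.group(3))
            mods.append((base, size, image.rsplit("\\", 1)[-1]))
    return mods


def resolve(addr: int, mods: List[Tuple[int, int, str]]) -> Optional[str]:
    """Map a kernel address to the loaded image whose [base, base+size) contains it."""
    for base, size, name in mods:
        if base <= addr < base + size:
            return name
    return None  # address lies in pool or other memory that no listed image owns


def analyze(trace: str, drivers: str, stealth: str) -> List[str]:
    """Cross-check aswMBR dispatch targets and RkU stealth findings against the driver map."""
    mods = parse_modules(drivers)
    findings: List[str] = []
    hook_targets: List[int] = []

    for line in trace.splitlines():
        m = DISPATCH_RE.search(line)
        if not m:
            continue
        driver, irp, target = m.group(1), m.group(2), int(m.group(3), 16)
        owner = resolve(target, mods)
        if owner is None:
            # This is what aswMBR prints as >>UNKNOWN [addr]<<: the dispatch routine
            # is not inside any loaded driver image, a classic kernel-hook indicator.
            hook_targets.append(target)
            findings.append(f"{driver}: {irp} dispatches to 0x{target:08X}, "
                            "not inside any listed driver image")
        elif owner.lower() != f"{driver}.sys".lower():
            # A legitimate filter driver can also do this, so treat it as a lead, not proof.
            findings.append(f"{driver}: {irp} dispatches into {owner}, not its own image")

    unknown_pages: List[int] = []
    for line in stealth.splitlines():
        s = STEALTH_RE.match(line.strip())
        if not s:
            continue
        addr, what = int(s.group(1), 16), s.group(2)
        if "driver modification" in what:
            findings.append(f"{resolve(addr, mods) or '?'}: RkU reports driver modification ({what})")
        elif what.startswith("Unknown page"):
            unknown_pages.append(addr)

    # Heuristic (mine): unknown executable pages close to a hook target suggest the
    # hook and the pages belong to the same injected kernel code.
    for target in hook_targets:
        near = [p for p in unknown_pages if abs(p - target) < 0x10000]
        if near:
            findings.append(f"hook target 0x{target:08X} has {len(near)} unknown "
                            "executable page(s) within 64 KiB (heuristic)")
    return findings


if __name__ == "__main__":
    for f in analyze(ASWMBR_TRACE, RKU_DRIVERS, RKU_STEALTH):
        print(f)
```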
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    Having a problem running TDSSKiller

    I downloaded and unzipped it, but when I double-click TDSSKiller it does nothing. I get an hourglass for a split second, but then nothing happens...
     
  14. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    new problems

    I hooked up my iPod to the computer and it was updating, and I hooked up a Seagate drive to the USB slot and almost instantly I got the blue screen. I couldn't do anything but unplug the computer.

    I turned it back on and after a bit I got a window that said "services and controller app encountered a problem and needs to close", then I get a window that says "system shutdown authorized by NT authority\system status code 1073740972" and the computer shuts down...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    ComboFix log

    ComboFix 11-05-29.01 - comers 05/29/2011 19:30:02.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.658 [GMT -4:00]
    Running from: c:\documents and settings\comers\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\comers\Application Data\Start
    c:\documents and settings\comers\Application Data\Start\temp_CCDE3245\flash.10.0.32.18.ocx
    c:\documents and settings\comers\GoToAssistDownloadHelper.exe
    c:\documents and settings\comers\System
    c:\documents and settings\comers\System\win_qs8.jqx
    c:\documents and settings\comers\WINDOWS
    c:\windows\system32\comrepl.exe
    c:\windows\system32\Data
    c:\windows\system32\drivers\fad.sys
    c:\windows\system32\logs
    c:\windows\system32\logs\{30A05E1A-34D9-4AA3-8686-39B19EB656D4}.log
    c:\windows\wiaserviv.log
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-27 15:01 . 2011-05-29 18:23 -------- d-----w- c:\windows\system32\NtmsData
    2011-05-27 15:00 . 2011-05-27 15:00 -------- d-----w- c:\documents and settings\comers\Application Data\Avira
    2011-05-25 17:14 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-25 17:14 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-25 17:14 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-05-25 17:14 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-05-25 17:14 . 2011-05-25 17:14 -------- d-----w- c:\program files\Avira
    2011-05-25 17:14 . 2011-05-25 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-05-25 14:30 . 2011-05-25 14:30 -------- d-sh--w- c:\documents and settings\comers\IECompatCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2004-03-02 17:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2002-08-29 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2003-07-15 21:01 1857920 ----a-w- c:\windows\system32\win32k.sys
    2010-03-10 01:16 . 2010-03-10 01:11 293376 ----a-w- c:\program files\szo8idkt.exe
    2009-04-07 18:24 . 2009-04-07 18:23 3089984 ----a-w- c:\program files\PhotomatixPro313.exe
    2006-11-18 13:25 . 2006-11-18 13:26 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-10-08 131072]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
    "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
    "Motive SmartBridge"="c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-14 385024]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-29 151597]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    c:\documents and settings\comers\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-9-3 344064]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
    Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-6-26 73728]
    Photo Explosion Calendar Checker.lnk - c:\windows\Installer\{5BC304B7-84B4-43B3-8A62-EB9BC2051544}\PhotoExplosionCalendarChecker.exe [2004-6-8 40960]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^comers^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=c:\documents and settings\comers\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2003-08-06 06:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    2003-08-13 15:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-10-08 13:49 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-10-08 13:49 131072 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-11-03 18:46 4800512 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2003-08-27 00:47 204800 ------w- c:\program files\Dell\Media Experience\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2004-04-29 11:28 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2003-08-19 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/25/2011 1:14 PM 136360]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\SYSTEM32\DRIVERS\mr97310v.sys [7/18/2006 2:40 PM 99840]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    2004-09-30 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7096549002.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-10-07 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7097186667.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-10-19 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7098221899.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-11-05 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7099694715.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-11-05 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7099695834.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-11-07 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 5500 seriesA3652443A372B157BFD83129692C2C2475483DE7099787232.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2005-01-19 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p officejet 6100 seriesA3652443A372B157BFD83129692C2C2475483DE7106173509.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 22:50]
    .
    2004-09-30 c:\windows\Tasks\WebReg 20040930090213.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-10-07 c:\windows\Tasks\WebReg 20041007180915.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-10-19 c:\windows\Tasks\WebReg 20041019175822.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-11-05 c:\windows\Tasks\WebReg 20041105174613.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-11-05 c:\windows\Tasks\WebReg 20041105180155.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-11-05 c:\windows\Tasks\WebReg 20041105180430.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    2004-11-07 c:\windows\Tasks\WebReg 20041106193031.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 05:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: musicmatch.com
    Trusted Zone: musicmatch.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-BestPopUpKiller - c:\program files\BestPopUpKiller\BestPopupKiller.exe
    MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
    MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
    MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
    MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
    AddRemove-HijackThis - c:\documents and settings\comers\My Documents\My Pictures\HijackThis.exe
    AddRemove-Scooby-Doo(TM), Jinx At The Sphinx(TM) - c:\program files\The Learning Company\Scooby-Doo(TM)
    AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-29 19:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-22
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 234374998 (+1): user != kernel
    .
    **************************************************************************
    .
    Completion time: 2011-05-29 19:39:28
    ComboFix-quarantined-files.txt 2011-05-29 23:39
    .
    Pre-Run: 55,315,066,880 bytes free
    Post-Run: 55,640,260,608 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 981C786B52C417F687336FA86F353926
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good :)

    See, if you can run TDSSKiller now.

    Also, post fresh RKUnhooker log.
     
  18. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    2011/05/30 10:36:01.0388 2864 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
    2011/05/30 10:36:01.0841 2864 ================================================================================
    2011/05/30 10:36:01.0841 2864 SystemInfo:
    2011/05/30 10:36:01.0841 2864
    2011/05/30 10:36:01.0841 2864 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/30 10:36:01.0841 2864 Product type: Workstation
    2011/05/30 10:36:01.0841 2864 ComputerName: DELL
    2011/05/30 10:36:01.0841 2864 UserName: comers
    2011/05/30 10:36:01.0841 2864 Windows directory: C:\WINDOWS
    2011/05/30 10:36:01.0841 2864 System windows directory: C:\WINDOWS
    2011/05/30 10:36:01.0841 2864 Processor architecture: Intel x86
    2011/05/30 10:36:01.0841 2864 Number of processors: 1
    2011/05/30 10:36:01.0841 2864 Page size: 0x1000
    2011/05/30 10:36:01.0841 2864 Boot type: Normal boot
    2011/05/30 10:36:01.0841 2864 ================================================================================
    2011/05/30 10:36:03.0216 2864 Initialize success
    2011/05/30 10:36:25.0778 1060 ================================================================================
    2011/05/30 10:36:25.0778 1060 Scan started
    2011/05/30 10:36:25.0778 1060 Mode: Manual;
    2011/05/30 10:36:25.0778 1060 ================================================================================
    2011/05/30 10:36:44.0169 1060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/05/30 10:36:44.0247 1060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/05/30 10:36:44.0325 1060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/05/30 10:36:44.0450 1060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/05/30 10:36:44.0528 1060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/05/30 10:36:44.0591 1060 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/05/30 10:36:44.0653 1060 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    2011/05/30 10:36:44.0716 1060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/30 10:36:44.0794 1060 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
    2011/05/30 10:36:44.0856 1060 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
    2011/05/30 10:36:44.0935 1060 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/30 10:36:45.0028 1060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/30 10:36:45.0185 1060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/30 10:36:45.0325 1060 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/30 10:36:45.0403 1060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/05/30 10:36:45.0591 1060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/05/30 10:36:45.0606 1060 ================================================================================
    2011/05/30 10:36:45.0606 1060 Scan finished
    2011/05/30 10:36:45.0606 1060 ================================================================================
    2011/05/30 10:36:45.0622 3092 Detected object count: 0
    2011/05/30 10:36:45.0622 3092 Actual detected object count: 0
     
  19. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    New RkUnhooker log

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3338240 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 45.02 )
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2265088 bytes
    0x804D7000 RAW 2265088 bytes
    0x804D7000 WMIxWDM 2265088 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF66CD000 C:\WINDOWS\system32\drivers\P16X.sys 1298432 bytes (Creative Technology Ltd., WDM Audio Miniport)
    0xF6A4A000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1265664 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.02 )
    0xF689F000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
    0xF680A000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
    0xF65A5000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xF765F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xED24E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF651F000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xED333000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xEB7D7000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF341000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xEB8A7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF7792000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xEC8BB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF7632000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xBA505000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xED2BE000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF69E9000 C:\WINDOWS\System32\DRIVERS\b57xp32.sys 167936 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
    0xED30B000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xED1DA000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xED228000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF6685000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xF66A9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6A12000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF69C6000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xED2E9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80700000 ACPI_HAL 134400 bytes
    0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF772A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7762000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF7618000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xECC08000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF774A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xED19A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xECC21000 C:\WINDOWS\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF76EC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF658E000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xECC76000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0xF7703000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
    0xECC61000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
    0xEC8A6000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF6671000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF6A36000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xED38C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF7718000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7781000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF657D000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF72B7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF78F1000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF79E1000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF7841000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF78C1000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF7297000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF78A1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7891000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
    0xF7901000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xECA40000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF79D1000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7851000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF7821000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF78B1000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF7911000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7801000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF7931000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7861000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
    0xF7881000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF78D1000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF77F1000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF7921000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF79A1000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF77E1000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF79B1000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF7961000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF78E1000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
    0xF7811000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF6B7F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF7941000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF7A31000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xEB427000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF7831000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF79C1000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF72A7000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7B91000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF7AA1000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF7B81000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7B99000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF7A61000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF7AE1000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7BB1000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF7BA1000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7B89000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
    0xF7BA9000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF7AA9000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xF7A89000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF7B79000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF7A91000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7B39000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0xF7BE9000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF7A99000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF7BD9000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
    0xF7A69000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7BC9000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7BD1000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7BB9000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7AC1000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF7C89000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF7CD5000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xECC51000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7CB9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xECCF3000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7BF1000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xED3DB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF7CB5000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
    0xF7C9D000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xF7CC1000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF7CA1000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7D0D000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
    0xF7D3F000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
    0xF7D2D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7CEF000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
    0xF7D9B000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
    0xF7D57000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF7D2B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7CE1000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7CF3000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
    0xF7D2F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7D73000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF7CF5000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
    0xF7D31000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7D0B000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF7D0F000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7D7B000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7D1F000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7CE3000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7E25000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7F27000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7E08000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7DA9000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7E4E000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7E4F000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================
    0x03B70000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x870454C8 ] PID: 448, 28672 bytes
    0x03750000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x870454C8 ] PID: 448, 45056 bytes
    0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x870454C8 ] PID: 448, 77824 bytes


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
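
    The RkU report above ends with a rootkit warning because three DLLs are hidden inside one process (PID 448). Whether that matters depends on what those modules are and which process owns them, so here is a small triage helper, added here as an example and not part of RkUnhooker or of any post in this thread. It parses the '>Drivers' and '>Stealth' sections, lists kernel modules that carry no vendor/description string (candidates for a hash lookup), and groups the hidden images by owning PID. SAMPLE_RKU_LOG is a constructed excerpt of the log above; the rule that dump_*.sys modules are the kernel's crash-dump copies of the boot storage driver is my assumption from experience with XP, not something the page states.

```python
"""Triage helper for an RkUnhooker (RkU) report. Added example, not RkU's code."""
import re
from collections import defaultdict

# Constructed excerpt of the RkU log posted above.
SAMPLE_RKU_LOG = r"""
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0xED19A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEB427000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7D57000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF765F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
==============================================
>Stealth
==============================================
0x03B70000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x870454C8 ] PID: 448, 28672 bytes
0x03750000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x870454C8 ] PID: 448, 45056 bytes
0x02E00000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x870454C8 ] PID: 448, 77824 bytes
"""

# One driver line: <base> <path> <size> bytes [(Vendor, Description)]
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?\s*$")
# One stealth line: <base> Hidden Image--><name> [ EPROCESS <addr> ] PID: <n>, <size> bytes
HIDDEN_RE = re.compile(
    r"^(0x[0-9A-Fa-f]+) Hidden Image-->(.+?) \[ EPROCESS (0x[0-9A-Fa-f]+) \] "
    r"PID: (\d+), (\d+) bytes\s*$"
)
# Unattributed modules that are expected on XP: dump_*.sys are the kernel's
# crash-dump copies of the boot storage driver (assumption from experience,
# not stated on the page; verify the hashes on your own box).
EXPECTED_NO_VENDOR = re.compile(r"(^|\\)dump_[^\\]+\.sys$", re.IGNORECASE)


def parse_rku(text):
    """Return {'drivers': [...], 'hidden': [...]} parsed from RkU report text."""
    section, drivers, hidden = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # section header, e.g. '>Drivers'
            section = line[1:].lower()
            continue
        if not line or line.startswith("="):
            continue
        if section == "drivers" and (m := DRIVER_RE.match(line)):
            base, path, size, info = m.groups()
            vendor = desc = None
            if info is not None:            # '(Vendor, Description)' or '(Tag)'
                vendor, _, desc = info.partition(", ")
                desc = desc.strip() or None
            drivers.append({"base": int(base, 16), "path": path, "size": int(size),
                            "vendor": vendor, "description": desc})
        elif section == "stealth" and (m := HIDDEN_RE.match(line)):
            base, name, eproc, pid, size = m.groups()
            hidden.append({"base": int(base, 16), "name": name, "eprocess": eproc,
                           "pid": int(pid), "size": int(size)})
    return {"drivers": drivers, "hidden": hidden}


def drivers_without_vendor(report):
    """Paths of loaded modules that carry no vendor/description string."""
    return [d["path"] for d in report["drivers"] if d["vendor"] is None]


def suspicious_drivers(report):
    """Unattributed modules not on the expected list: hash them and look them up."""
    return [p for p in drivers_without_vendor(report) if not EXPECTED_NO_VENDOR.search(p)]


def hidden_images_by_pid(report):
    """Group hidden images by owning PID so they can be matched to a process."""
    by_pid = defaultdict(list)
    for h in report["hidden"]:
        by_pid[h["pid"]].append(h["name"])
    return dict(by_pid)


def triage(text):
    report = parse_rku(text)
    return {"drivers": len(report["drivers"]),
            "unattributed": drivers_without_vendor(report),
            "suspicious": suspicious_drivers(report),
            "hidden_by_pid": hidden_images_by_pid(report)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_RKU_LOG), indent=2))
```

    On the log above the only unattributed modules are the two dump_*.sys copies and the hidden images all sit in one process and carry SupportSoft names, the same vendor as the Dell Support Center service (sprtsvc.exe) that the later OTL log shows running. That is the reasoning behind treating this banner as a false positive rather than a rootkit; a hidden image with a random name in explorer.exe or winlogon.exe would be a different conversation.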
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
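
    The custom scan list above is the interesting part of this step: most of its entries point at folders that should hold no executables at all (Fonts, a second system32 under system32, a 'Rundll32' folder, REPAIR, pchealth), and the two dir | find lines count executables whose names contain a space, which legitimate Windows binaries almost never do. To make that visible, here is an offline evaluator for an OTL-style list, added as an example; it is not OTL's code and does not reproduce OTL's report. Assumptions not taken from the page: '/s' is treated as 'recurse into subdirectories', other switches (/x, /mp, /rs) are recorded but ignored, registry and keyword lines are only classified, and the only command shape handled is dir /b "<glob>" | find /i " " /c. SAMPLE_SCAN is a constructed excerpt of the list above and the planted files are constructed test data.

```python
"""Offline evaluator for an OTL-style custom scan list. Added example, not OTL's code."""
import glob
import os
import re
import tempfile

# Constructed excerpt of the custom scan posted above.
SAMPLE_SCAN = r"""
netsvcs
%systemroot%\Fonts\*.exe
%systemroot%\system32\system32\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
CREATERESTOREPOINT
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
/md5start
/md5stop
"""

SWITCH_RE = re.compile(r"\s/(\w+)")     # trailing ' /s', ' /x', ...
ENV_RE = re.compile(r"%([^%]+)%")       # %systemroot%, %PROGRAMFILES%, ...


def classify(line):
    """Map one scan line to a directive dict, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    if line.lower().startswith("/md5"):
        return {"kind": "md5_marker", "text": line}
    if line.upper().startswith("HKEY_"):
        return {"kind": "registry", "key": line}
    if line.lower().startswith("dir "):
        return {"kind": "command", "text": line}
    if "\\" in line or "%" in line:
        switches = SWITCH_RE.findall(line)
        return {"kind": "path", "pattern": SWITCH_RE.sub("", line).strip(),
                "recursive": "s" in switches, "switches": switches}
    return {"kind": "keyword", "text": line}


def expand(pattern, env):
    """Replace %VAR% (case-insensitive) from env, then use the local separator."""
    out = ENV_RE.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), pattern)
    return out.replace("\\", os.sep)


def run_path_directive(d, env):
    pattern = expand(d["pattern"], env)
    if d["recursive"]:                      # assumed meaning of '/s'
        head, tail = os.path.split(pattern)
        pattern = os.path.join(head, "**", tail)
    return sorted(glob.glob(pattern, recursive=True))


def run_command_directive(d, env):
    """dir /b "<glob>" | find /i " " /c: count matches whose name has a space."""
    quoted = re.search(r'"([^"]+)"', d["text"]).group(1)
    return sum(1 for p in glob.glob(expand(quoted, env)) if " " in os.path.basename(p))


def run_scan(scan_text, systemroot):
    """Evaluate path/command directives; returns {directive: hit list or count}."""
    env = {"systemroot": systemroot}
    results = {}
    for line in scan_text.splitlines():
        d = classify(line)
        if d is None:
            continue
        if d["kind"] == "path":
            hits = run_path_directive(d, env)
            results[d["pattern"]] = [os.path.relpath(h, systemroot).replace(os.sep, "/")
                                     for h in hits]
        elif d["kind"] == "command":
            results[d["text"]] = run_command_directive(d, env)
    return results


def build_sample_tree(root):
    """Plant constructed files at a few of the locations the scan probes."""
    planted = [r"Fonts\planted.exe", r"system32\system32\dropper.dll",
               r"system32\Rundll32\loader.exe", r"pchealth\helpctr\System\sub\helper.exe",
               r"system32\svc host.exe", r"system32\notepad.exe"]
    for rel in planted:
        path = os.path.join(root, *rel.split("\\"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"MZ")                  # fake header; content is irrelevant here


def demo():
    """Build the sample tree in a temp dir, run the sample scan, return results."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return run_scan(SAMPLE_SCAN, root)


if __name__ == "__main__":
    for directive, result in demo().items():
        print(f"{directive!r}: {result}")
```

    Any hit in one of these folders deserves a look at the file's timestamp, signature and hash before deciding; the lists OTL produces are leads, not verdicts.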
     
  21. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    OTL log

    Computer is running good, no windows popping up, no redirects. The only thing I notice is under the start tab the Internet Explorer says running with no add-ons - disabled. So I have another IE on my desktop that works.


    OTL logfile created on: 6/1/2011 7:58:11 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\comers\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.00 Mb Total Physical Memory | 541.45 Mb Available Physical Memory | 52.93% Memory free
    2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.72 Gb Total Space | 51.88 Gb Free Space | 46.44% Space Free | Partition Type: NTFS
    Drive D: | 111.76 Gb Total Space | 111.68 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    Drive F: | 607.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELL | User Name: comers | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
    PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/24 18:00:26 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/01/16 16:31:26 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2007/01/15 14:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    PRC - [2005/09/09 01:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    PRC - [2005/05/23 14:20:28 | 000,050,744 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe
    PRC - [2005/05/20 11:11:52 | 000,357,944 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
    PRC - [2005/05/11 13:05:10 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
    PRC - [2005/05/09 19:17:28 | 000,108,088 | ---- | M] (Verizon Internet Solutions) -- C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
    PRC - [2005/04/13 20:51:22 | 000,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe
    PRC - [2004/10/08 09:49:36 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    PRC - [2004/06/14 02:50:45 | 000,348,256 | ---- | M] () -- C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
    PRC - [2004/06/07 10:03:58 | 000,192,617 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Program Files\Common Files\PhilipsMM\USBConnectivity.exe
    PRC - [2004/04/29 07:28:00 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2002/10/16 20:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    PRC - [2002/04/17 13:19:16 | 000,069,632 | ---- | M] (Nova Development.) -- C:\Program Files\Nova Development\Photo Explosion\CalCheck.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2005/04/13 20:51:22 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\Help Support\SmartBridge\SBHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
    SRV - [2003/08/11 04:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
     
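Reading an OTL inventory such as the one above by eye means scanning every PRC/MOD/SRV/DRV line for the same three things: a registration whose file is gone ("File not found"), a binary with no publisher in its version info (the empty "()"), and an executable sitting somewhere legitimate software rarely installs itself. The Python below is an added example for this thread, not part of the post and not code from the OTL tool: it parses lines in exactly the format the log uses and attaches those flags. The list of user-writable folders is an assumption for illustration, and the last PRC line in the sample is constructed, modelled on the file Malwarebytes quarantined at the start of the thread (OTL never recorded it running).

```python
"""Triage helper for OTL (OldTimer's List-It) inventory lines.

Added example for this thread, not code from the OTL tool. It parses PRC/MOD/SRV/DRV
lines in the log's format and flags orphaned registrations, binaries with no
publisher, and executables in user-writable data folders (folder list is an assumption).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Folders where services/drivers are rarely installed but droppers commonly land
# (assumption: a short, lower-cased XP-era list for illustration).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\all users\\application data\\",
    "\\local settings\\temp\\",
    "\\recycler\\",
    "\\windows\\temp\\",
)

@dataclass
class OtlEntry:
    kind: str                       # PRC, MOD, SRV or DRV
    path: str = ""                  # full path; "" when OTL prints "-- --"
    company: str = ""               # publisher from the file's version info
    name: str = ""                  # service/driver key name in the trailing (...)
    state: str = ""                 # e.g. "Auto | Running" or "Kernel | System | Running"
    missing: bool = False           # OTL printed "File not found"
    size: Optional[int] = None      # bytes, from the "000,136,360" field
    flags: List[str] = field(default_factory=list)

_HEAD_RE = re.compile(r"^(PRC|MOD|SRV|DRV) - (.*)$")
# "[stamp | size | attrs | M] (Company) ..."; the company may contain "(R)", so match
# lazily up to a ")" followed by "[" (state block) or "--" (path separator).
_META_RE = re.compile(r"^\[([^\]]*)\] \((.*?)\)\s+(?=\[|--)(.*)$")
_STATE_RE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")
_NAME_RE = re.compile(r"^\(([^)]*)\)")

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one inventory line; returns None for headers, blanks and other sections."""
    head = _HEAD_RE.match(line.strip())
    if not head:
        return None
    entry, rest = OtlEntry(kind=head.group(1)), head.group(2)
    if rest.startswith("File not found"):
        entry.missing = True
        rest = rest[len("File not found"):].lstrip()
    else:
        meta = _META_RE.match(rest)
        if not meta:
            return None
        fields = [f.strip() for f in meta.group(1).split("|")]
        if len(fields) >= 2 and fields[1].replace(",", "").isdigit():
            entry.size = int(fields[1].replace(",", ""))
        entry.company, rest = meta.group(2).strip(), meta.group(3)
    state = _STATE_RE.match(rest)
    if state:
        entry.state, rest = state.group(1).strip(), state.group(2)
    if rest.startswith("-- "):
        rest = rest[3:]
    path, sep, tail = rest.partition(" -- ")
    if not sep and rest.startswith("-- "):      # "-- -- (Name)": registration with no file
        path, tail = "", rest[3:]
    entry.path = path.strip()
    name = _NAME_RE.match(tail.strip())         # trailing text after (Name) is ignored
    if name:
        entry.name = name.group(1)
    return entry

def triage(entry: OtlEntry) -> OtlEntry:
    """Attach plain-language flags; an empty list means nothing stood out."""
    if entry.missing:
        entry.flags.append("registered but file missing (orphaned or removed component)")
        return entry
    if not entry.company:
        running = " and currently running" if "running" in entry.state.lower() else ""
        entry.flags.append("no publisher in version info" + running)
    if any(marker in entry.path.lower() for marker in USER_WRITABLE_MARKERS):
        entry.flags.append("executes from a user-writable data folder")
    return entry

def triage_log(text: str) -> List[OtlEntry]:
    """Return only the entries that picked up at least one flag, in log order."""
    hits = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None and triage(entry).flags:
            hits.append(entry)
    return hits

# Constructed sample: six lines copied from the log in this thread plus one invented
# PRC line (tlxbxuudsbf.exe) modelled on the Malwarebytes detection at the thread start.
SAMPLE_LOG = r"""
PRC - [2005/04/13 20:51:22 | 000,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe
PRC - [2004/06/14 02:50:45 | 000,348,256 | ---- | M] () -- C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
PRC - [2011/05/25 13:01:10 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tlxbxuudsbf.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.kind} {hit.name or hit.path}: {'; '.join(hit.flags)}")
```

Run as a script it prints the four entries that pick up a flag and stays silent on the rest. A missing publisher on its own is a weak signal, since plenty of vendor software ships without version info, so the flags are leads for whoever reads the log, not verdicts; the entry that combines no publisher with a path under All Users\Application Data is the one that matches the pattern of the file quarantined earlier in this thread.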
  22. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    otl log cont.

    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
    DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/30 14:46:02 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/07/18 14:40:40 | 000,099,840 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
    DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS -- (Aspi32)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/01/07 18:41:12 | 000,166,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
    DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========



    [2010/01/30 12:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\comers\Application Data\Mozilla\Extensions

    O1 HOSTS File: ([2011/05/29 19:36:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [/AutoLaunchHDD70] C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe ()
    O4 - HKLM..\Run: [A Verizon App] C:\Program Files\Verizon Online\Help Support\VerizonSupport.exe (Verizon Internet Solutions)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
    O4 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk = C:\WINDOWS\Installer\{5BC304B7-84B4-43B3-8A62-EB9BC2051544}\PhotoExplosionCalendarChecker.exe ()
    O4 - Startup: C:\Documents and Settings\comers\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226253832062 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.8275 (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\comers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\comers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/05/12 10:31:01 | 000,000,025 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/01 07:55:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
    [2011/05/29 19:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/05/29 19:26:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/29 19:20:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/29 19:20:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/29 19:20:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/29 19:20:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/29 19:18:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/29 19:15:23 | 004,296,826 | R--- | C] (Swearware) -- C:\Documents and Settings\comers\Desktop\ComboFix.exe
    [2011/05/28 07:06:21 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\comers\Desktop\aswMBR.exe
    [2011/05/27 11:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2011/05/27 11:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\comers\Application Data\Avira
    [2011/05/27 09:00:42 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\comers\Desktop\MCPR2.exe
    [2011/05/25 17:09:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\comers\Start Menu\Programs\Administrative Tools
    [2011/05/25 17:08:01 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\comers\Desktop\dds.scr
    [2011/05/25 13:28:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\comers\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/25 13:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/05/25 13:14:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/05/25 13:14:21 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/05/25 13:14:21 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/05/25 13:14:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/05/25 13:14:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/05/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/05/25 10:30:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\comers\IECompatCache
    [2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\comers\Desktop\TDSSKiller.exe
    [2011/05/24 11:56:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\comers\Recent
    [2009/04/07 14:23:38 | 003,089,984 | ---- | C] (HDRsoft Sarl ) -- C:\Program Files\PhotomatixPro313.exe
    [2006/11/18 09:26:02 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2004/12/13 09:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
    [2004/11/29 17:08:30 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
    [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
    [2011/06/01 07:47:21 | 000,000,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
    [2011/06/01 07:46:19 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
    [2011/06/01 07:46:02 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/06/01 07:45:59 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/01 07:45:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/05/30 10:35:09 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\tdsskiller.zip
    [2011/05/29 19:36:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2011/05/29 19:26:21 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2011/05/29 19:15:23 | 004,296,826 | R--- | M] (Swearware) -- C:\Documents and Settings\comers\Desktop\ComboFix.exe
    [2011/05/28 07:21:06 | 000,033,948 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\rootkitunhookerReport
    [2011/05/28 07:16:47 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\RKUnhookerLE.EXE
    [2011/05/28 07:11:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\MBR.dat
    [2011/05/28 07:06:27 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\comers\Desktop\aswMBR.exe
    [2011/05/27 09:00:41 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\comers\Desktop\MCPR2.exe
    [2011/05/26 10:31:38 | 000,606,104 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\unhide.exe
    [2011/05/25 17:38:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/25 17:08:06 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\comers\Desktop\dds.scr
    [2011/05/25 14:09:37 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\g707kvqb.exe
    [2011/05/25 13:28:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\comers\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/25 13:14:45 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/25 13:10:35 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\comers\My Documents\avira_antivir_personal_en.exe
    [2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\comers\Desktop\TDSSKiller.exe
    [2011/05/24 11:28:45 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2011/05/08 17:28:52 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\comers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/30 10:34:56 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\tdsskiller.zip
    [2011/05/29 19:33:03 | 000,002,417 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
    [2011/05/29 19:33:03 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/05/29 19:33:03 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
    [2011/05/29 19:32:39 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
    [2011/05/29 19:32:39 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
    [2011/05/29 19:32:39 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Networking Guide.lnk
    [2011/05/29 19:32:39 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
    [2011/05/29 19:32:39 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Media Experience.lnk
    [2011/05/29 19:32:39 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
    [2011/05/29 19:32:39 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2004.lnk
    [2011/05/29 19:32:39 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/05/29 19:32:39 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2011/05/29 19:32:39 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\RealOne Player.lnk
    [2011/05/29 19:32:38 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/05/29 19:32:38 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album 2.0 Starter Edition.lnk
    [2011/05/29 19:32:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/05/29 19:32:38 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
    [2011/05/29 19:32:38 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom Advanced Control Suite.lnk
    [2011/05/29 19:32:38 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 4.0.lnk
    [2011/05/29 19:32:38 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2011/05/29 19:32:37 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2011/05/29 19:32:37 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Product Registration.url
    [2011/05/29 19:32:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/05/29 19:26:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/05/29 19:26:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/29 19:20:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/29 19:20:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/29 19:20:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/29 19:20:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/29 19:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/28 07:21:06 | 000,033,948 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\rootkitunhookerReport
    [2011/05/28 07:16:46 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\RKUnhookerLE.EXE
    [2011/05/28 07:11:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\MBR.dat
    [2011/05/26 10:45:05 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
    [2011/05/26 10:45:05 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Sonic MyDVD.lnk
    [2011/05/26 10:45:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/26 10:45:05 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/05/26 10:45:05 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\RealArcade.lnk
    [2011/05/26 10:45:04 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Video Disc Copier.lnk
    [2011/05/26 10:45:04 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
    [2011/05/26 10:45:04 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ViewNX.lnk
    [2011/05/26 10:45:04 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/05/26 10:45:04 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide IP Platinum.lnk
    [2011/05/26 10:45:04 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Dsl.lnk
    [2011/05/26 10:45:03 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
    [2011/05/26 10:45:03 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Import Media Files (Handycam).lnk
    [2011/05/26 10:45:03 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picture Motion Browser.lnk
    [2011/05/26 10:45:03 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nikon Transfer.lnk
    [2011/05/26 10:45:03 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/05/26 10:45:03 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2011/05/26 10:45:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/05/26 10:45:02 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 4.0.lnk
    [2011/05/26 10:45:02 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
    [2011/05/26 10:31:32 | 000,606,104 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\unhide.exe
    [2011/05/25 14:09:42 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\comers\Desktop\g707kvqb.exe
    [2011/05/25 13:14:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/05/25 13:10:35 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\comers\My Documents\avira_antivir_personal_en.exe
    [2010/03/09 21:11:48 | 000,293,376 | ---- | C] () -- C:\Program Files\szo8idkt.exe
    [2010/01/21 11:22:48 | 000,043,480 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/01/03 13:09:50 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Basic Track
    [2010/01/03 13:09:50 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\comers\Application Data\Automatic Filter
    [2010/01/03 13:09:50 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2010/01/03 13:09:50 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Brother
    [2010/01/03 13:08:11 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\BSD
    [2010/01/03 13:08:11 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\comers\Application Data\Audio Units
    [2010/01/03 13:08:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2010/01/03 13:08:11 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Bass Reduction
    [2008/04/05 11:44:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\$_hpcst$.hpc
    [2008/03/18 10:04:17 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2007/11/24 05:34:59 | 000,000,275 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/11/24 05:34:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\KA.INI
    [2007/08/25 23:48:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TSMLite.INI
    [2007/05/13 21:47:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2007/05/11 22:22:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
    [2006/04/26 10:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2006/03/02 13:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2005/12/24 11:01:20 | 000,000,459 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2005/03/08 12:02:36 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/02/23 11:03:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/02/08 12:02:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/09/27 10:33:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\PFP110JPR.{PB
    [2004/09/27 10:33:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\comers\Application Data\PFP110JCM.{PB
    [2004/09/03 18:29:18 | 000,014,032 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/06/26 16:22:10 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2004/06/26 16:13:01 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2004/06/26 16:08:39 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\comers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/06/08 23:33:12 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini
    [2004/05/11 13:32:36 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\comers\Local Settings\Application Data\fusioncache.dat
    [2004/05/11 12:04:30 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2004/05/11 12:04:30 | 000,028,948 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
    [2004/05/11 12:00:40 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2004/04/29 07:33:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/04/29 07:29:28 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2004/04/29 07:26:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/04/29 07:26:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2004/04/29 07:26:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2004/04/29 07:26:21 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2004/04/29 07:26:21 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2004/04/29 07:26:21 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2004/04/29 07:26:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2004/04/29 07:26:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2004/04/29 07:25:53 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2004/04/29 07:23:57 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/04/29 07:14:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2004/04/29 07:11:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/04/29 07:11:30 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2004/04/29 07:11:30 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2004/04/29 06:58:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/01/22 18:00:48 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/01/22 17:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2004/01/22 17:58:10 | 000,000,840 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2003/11/20 14:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2001/10/12 11:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2001/10/12 11:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2000/12/07 11:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
    [2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
    [1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
     
  23. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    end OTL log

    ========== LOP Check ==========

    [2010/03/17 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/01/03 13:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2006/04/09 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/06/24 14:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2005/08/26 13:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA318.tmp
    [2010/01/03 13:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2004/06/08 23:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2009/10/12 14:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/01/26 10:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2006/04/26 10:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
    [2010/01/03 13:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2006/04/04 09:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/12/20 14:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/08 13:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/03/04 08:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Canon
    [2009/10/08 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2005/05/14 08:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Common Files
    [2010/04/17 19:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Facebook
    [2008/08/14 12:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Flickr
    [2009/01/15 11:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\HDRsoft
    [2004/05/03 13:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Leadertech
    [2010/01/03 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Nikon
    [2004/06/08 23:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Nova Development
    [2006/04/09 20:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Opera
    [2008/10/11 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Research In Motion
    [2005/06/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\School Zone Preferences
    [2009/02/14 15:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\SmartDraw
    [2009/04/06 16:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\comers\Application Data\Unity

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/05/11 22:22:27 | 000,000,035 | ---- | M] () -- C:\aa.txt
    [2006/04/09 17:24:01 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2010/03/12 15:56:36 | 000,001,418 | ---- | M] () -- C:\BFUlogdeepdive.txt
    [2006/04/01 12:13:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/05/29 19:26:21 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/29 19:39:29 | 000,015,404 | ---- | M] () -- C:\ComboFix.txt
    [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/04/29 07:02:18 | 000,006,837 | R--- | M] () -- C:\DELL.SDR
    [2007/10/09 17:34:11 | 000,000,398 | ---- | M] () -- C:\DownloadLog.txt
    [2011/06/01 07:45:59 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
    [2005/01/26 22:17:11 | 000,001,170 | ---- | M] () -- C:\hpcmerr.log
    [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2004/04/29 07:27:48 | 000,000,877 | ---- | M] () -- C:\IPH.PH
    [2010/06/24 14:50:40 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2006/04/01 12:05:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/30 10:58:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2011/06/01 07:45:57 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/10 09:46:51 | 000,000,607 | ---- | M] () -- C:\rkill.log
    [2010/03/10 13:06:50 | 000,003,540 | ---- | M] () -- C:\RootRepeal report 03-10-10 (12-04-12).txt
    [2006/07/27 15:04:05 | 000,000,016 | ---- | M] () -- C:\s25g
    [2004/04/29 07:28:26 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2011/05/30 10:39:44 | 000,058,844 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_30.05.2011_10.36.01_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2002/09/03 09:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/04/07 14:24:42 | 003,089,984 | ---- | M] (HDRsoft Sarl ) -- C:\Program Files\PhotomatixPro313.exe
    [2006/11/18 09:25:53 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2010/03/09 21:16:46 | 000,293,376 | ---- | M] () -- C:\Program Files\szo8idkt.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/05/03 13:52:55 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\comers\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/28 07:06:27 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\comers\Desktop\aswMBR.exe
    [2011/05/29 19:15:23 | 004,296,826 | R--- | M] (Swearware) -- C:\Documents and Settings\comers\Desktop\ComboFix.exe
    [2011/05/25 14:09:37 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\g707kvqb.exe
    [2010/03/10 21:27:52 | 016,258,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\comers\Desktop\jre-6u18-windows-i586.exe
    [2011/05/25 13:28:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\comers\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/27 09:00:41 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\comers\Desktop\MCPR2.exe
    [2011/06/01 07:55:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\comers\Desktop\OTL.exe
    [2011/05/28 07:16:47 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\RKUnhookerLE.EXE
    [2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\comers\Desktop\TDSSKiller.exe
    [2011/05/26 10:31:38 | 000,606,104 | ---- | M] () -- C:\Documents and Settings\comers\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2002/04/15 17:50:12 | 000,012,106 | ---- | M] () -- C:\WINDOWS\Mr310twv.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2005/01/13 18:18:52 | 020,798,256 | ---- | M] (Netopsystems AG ) -- C:\Documents and Settings\comers\My Documents\AdbeRdr70_enu_full.exe
    [2011/05/25 13:10:35 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\comers\My Documents\avira_antivir_personal_en.exe
    [2005/10/05 18:10:56 | 106,303,944 | ---- | M] (Jasc Software Inc ) -- C:\Documents and Settings\comers\My Documents\English_PSPA_500_Deluxe_ESD_Extras.exe
    [2005/10/14 10:15:11 | 000,762,829 | ---- | M] (Volcano Force ) -- C:\Documents and Settings\comers\My Documents\hideippla.exe
    [2005/02/16 11:06:00 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\comers\My Documents\HijackThis.exe
    [2005/05/25 17:42:22 | 003,040,520 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\comers\My Documents\IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU.exe
    [2005/03/08 11:59:00 | 005,503,880 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\comers\My Documents\msjavx86.exe
    [2006/11/18 09:21:07 | 000,482,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\comers\My Documents\realarcade_plasticca_stub.exe
    [2005/10/08 16:09:54 | 001,882,088 | ---- | M] () -- C:\Documents and Settings\comers\My Documents\rtcc25.exe
    [2005/03/08 11:57:10 | 011,281,792 | ---- | M] (VerizonCommunications ) -- C:\Documents and Settings\comers\My Documents\sptcntrv1.3_DL_b3E.exe
    [2010/03/08 19:39:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\comers\My Documents\spybotsd162.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/30 12:10:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\comers\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/06/01 07:52:48 | 001,605,632 | ---- | M] () -- C:\Documents and Settings\comers\Cookies\INDEX.DAT

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/22 19:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2008/08/27 10:25:46 | 000,610,304 | ---- | M] () -- C:\WINDOWS\Installer\BBMediaSyncUninstall.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 13:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\MAILTMPL.TXT
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
    [2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
    [2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  24. wvpurplegal

    wvpurplegal TS Rookie Topic Starter Posts: 23

    extras

    OTL Extras logfile created on: 6/1/2011 7:58:11 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\comers\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.00 Mb Total Physical Memory | 541.45 Mb Available Physical Memory | 52.93% Memory free
    2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.72 Gb Total Space | 51.88 Gb Free Space | 46.44% Space Free | Partition Type: NTFS
    Drive D: | 111.76 Gb Total Space | 111.68 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    Drive F: | 607.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELL | User Name: comers | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPP\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03adaa12-03a8-4a41-b631-632412958a7f}" = 6100Tour
    "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
    "{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
    "{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
    "{1a792121-5055-4722-9375-db9313a884ba}" = 6100Trb
    "{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
    "{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{333512d8-ced1-4365-adfa-673f725d3d8c}" = 6100
    "{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3B55590C-8A9B-4BD6-B489-744B63026A2A}" = Adobe Photoshop Elements Digital Home
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
    "{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
    "{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
    "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
    "{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
    "{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
    "{5BC304B7-84B4-43B3-8A62-EB9BC2051544}" = Photo Explosion
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
    "{60984004-ae09-4009-9acf-1eeea39b2207}" = 5500_Help
    "{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
    "{94a0a859-8e01-45f2-9e7f-ac54c02d4f2c}" = 5500Trb
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
    "{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{c54e9481-9772-4624-98e1-2be432f53d85}" = 6100_Help
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{cc9d78d9-5517-4d55-8a68-1006e4134c80}" = 5500Tour
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
    "{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
    "{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{d40e4a88-ebc8-4d52-be3c-a4917a057ef0}" = Fax
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
    "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
    "{d9e29d2e-005f-4c58-8c9b-6724b6637b01}" = 5500
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
    "{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
    "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "3DGroove" = OTOY
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "AIMars" = Kids Cam Sticker Factory
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BBMediaSyncUninstall" = BlackBerry Media Sync
    "CAL" = Canon Camera Access Library
    "Calling all Titans!" = Calling all Titans! (remove only)
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DPP" = Canon Utilities Digital Photo Professional 3.1
    "e7c04e821a1b45c4628bdd476e48961f" = Philips DMM
    "EOS Utility" = Canon Utilities EOS Utility
    "ERUNT_is1" = ERUNT 1.1j
    "Flickr Uploadr" = Flickr Uploadr 3.0.5
    "FranklinCovey ScoreboardPlus_is1" = FranklinCovey ScoreboardPlus
    "Hide IP Platinum_is1" = Hide IP Platinum 1.75
    "HP Photo & Imaging" = HP Photo & Imaging 3.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
    "InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    "InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
    "InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
    "InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "JSLG_ABC" = JumpStart Learning Games ABC's
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mr97310v_930effb4fb2946cade43a25b55651187aae405f3" = Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 07/18/2006 2.0.1.0
    "MWASPI" = MicroStaff WINASPI
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "ODSK" = Canon Utilities Original Data Security Tools
    "Pencil-Pal First Grade" = Pencil-Pal First Grade
    "PhotomatixPro3_is1" = Photomatix Pro version 3.1.2
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Q903235" = Internet Explorer Q903235
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealOne Player
    "RealTime Cookie Cleaner_is1" = RealTime Cookie Cleaner v2.5
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Scholastic's I SPY Junior" = Scholastic's I SPY Junior
    "Shockwave" = Shockwave
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "UnityWebPlayer" = Unity Web Player
    "Verizon Online DSL_is1" = Verizon Online DSL
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1106919386-3255234024-250490514-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player
    "ROES.whcc" = ROES.whcc

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/28/2011 7:30:43 AM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module jvm.dll, version 16.0.0.13, fault address 0x000f9f2d.

    Error - 5/28/2011 7:30:57 AM | Computer Name = DELL | Source = Application Error | ID = 1001
    Description = Fault bucket 1670440433.

    Error - 5/28/2011 7:31:00 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/28/2011 8:00:00 AM | Computer Name = DELL | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 5/29/2011 6:51:25 AM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application services.exe, version 5.1.2600.5755, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.

    Error - 5/29/2011 10:38:14 AM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application services.exe, version 5.1.2600.5755, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.

    Error - 5/29/2011 10:42:33 AM | Computer Name = DELL | Source = Application Error | ID = 1001
    Description = Fault bucket -1961281193.

    Error - 5/29/2011 10:49:02 AM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application services.exe, version 5.1.2600.5755, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.

    Error - 5/29/2011 10:49:49 AM | Computer Name = DELL | Source = Application Error | ID = 1001
    Description = Fault bucket -1961281193.

    Error - 5/29/2011 6:47:19 PM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application services.exe, version 5.1.2600.5755, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x00001de6.

    [ System Events ]
    Error - 5/29/2011 10:45:17 AM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/29/2011 12:59:02 PM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/29/2011 3:20:48 PM | Computer Name = DELL | Source = DCOM | ID = 10010
    Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
    with DCOM within the required timeout.

    Error - 5/29/2011 6:43:35 PM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/29/2011 6:55:00 PM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/29/2011 7:20:59 PM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/29/2011 7:29:51 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
    Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 5/30/2011 10:25:52 AM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.

    Error - 5/30/2011 4:34:28 PM | Computer Name = DELL | Source = DCOM | ID = 10010
    Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
    with DCOM within the required timeout.

    Error - 6/1/2011 7:47:21 AM | Computer Name = DELL | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.1.3, since
    the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
    are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
    please
    change the scope to include the IP address, or change the IP address to fall within
    the scope.


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1106919386-3255234024-250490514-1007\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...CAB?38118.8275 (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [2006/04/04 09:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
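To see what the O15 (Trusted Domains) and O16 (DPF) lines in the OTL fix above actually point at, here is an added PowerShell audit that is not part of the thread and not OTL's own code: it lists Internet Explorer's per-domain zone assignments and the Downloaded Program Files records without changing anything, so the entries can be reviewed before a fix is run. It assumes PowerShell 2.0 or later and the registry paths named in its comments; the link drawn between a missing DownloadInformation key and OTL's "Reg Error: Key error." wording is my reading, not something the thread states.

```powershell
# Added example (not from the thread, not OTL's code): read-only audit of the two
# registry areas an OTL O15/O16 fix edits. It only lists entries; it removes nothing.
# Registry paths are assumptions about where Internet Explorer stores zone
# assignments and Downloaded Program Files (DPF) records.

# Zone numbers as Internet Explorer stores them in ZoneMap values
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IeZoneMapDomains {
    # Each domain is a subkey (optionally with host-prefix subkeys such as "www");
    # each value name is a scheme ("http", "https" or "*") and its data is the zone.
    # OTL's "[]*" notation is the default/"*" scheme entry for the domain.
    param([string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains')
    if (-not (Test-Path $Root)) { return @() }
    $entries = @()
    foreach ($key in Get-ChildItem -Path $Root -Recurse) {
        # RegistryKey.Name is the full key path; keep only the part after "\Domains\"
        $domainPath = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
        foreach ($scheme in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($scheme)
            $entries += [pscustomobject]@{
                Domain   = $domainPath
                Scheme   = $(if ($scheme -eq '') { '(default)' } else { $scheme })
                Zone     = $zone
                ZoneName = $ZoneNames[$zone]
            }
        }
    }
    return $entries
}

function Get-DownloadedProgramFiles {
    # Each installed ActiveX control is a {CLSID} subkey; DownloadInformation\CODEBASE
    # records the URL it was fetched from. A record with no DownloadInformation key or
    # no registered class name is the kind of leftover OTL flags as "Reg Error"
    # (assumption about OTL's wording).
    param([string]$Root = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units')
    if (-not (Test-Path $Root)) { return @() }
    $entries = @()
    foreach ($key in Get-ChildItem -Path $Root) {
        $clsid    = $key.PSChildName
        $infoPath = Join-Path $Root "$clsid\DownloadInformation"
        $codebase = $null
        if (Test-Path $infoPath) { $codebase = (Get-ItemProperty -Path $infoPath).CODEBASE }
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name   = $null
        if (Test-Path $clsKey) { $name = (Get-ItemProperty -Path $clsKey).'(default)' }
        $entries += [pscustomobject]@{
            CLSID    = $clsid
            Name     = $name
            CodeBase = $codebase
            Orphaned = [bool](-not $codebase -or -not $name)
        }
    }
    return $entries
}

# Report. O15 lines can come from either hive, so check both; anything placed in the
# Trusted sites zone (zone 2) relaxes browser security for that domain and deserves a
# look before it is removed.
$zoneRoots = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
foreach ($root in $zoneRoots) {
    Get-IeZoneMapDomains -Root $root | Where-Object { $_.Zone -eq 2 } |
        Format-Table Domain, Scheme, ZoneName -AutoSize
}
# DPF records with no source URL or class name are stale leftovers, not live controls.
Get-DownloadedProgramFiles | Where-Object { $_.Orphaned } |
    Format-Table CLSID, Name, CodeBase -AutoSize
```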
     
Topic Status:
Not open for further replies.
