TechSpot

Search Engine results keep redirecting to other links

By rachelb26
Apr 3, 2011
  1. I saw quite a few posts about this already, but I wanted to make sure I was doing the correct steps for my particular situation first.

    We have a Dell Vostro laptop with Windows XP.
    This problem started a few days ago. I go to Yahoo or Google and type keywords into the search engine. When I get the list of results, I click on one of the links. It takes me to a site that says "This document has moved, redirecting..." Then I am taken to a lesser-known search engine site.

    I've run Malwarebytes and Spybot S&D:
    Malwarebytes found 6 items and removed 5, saying it could not remove 1 item.
    Then I ran Spybot and it found 24 items and removed them.
    Then I ran Malwarebytes again and it did not find any items.
    Then I rebooted the computer and I am still having the same problem.

    How do I get this issue resolved? Any help will be greatly appreciated. I need to have this laptop fixed and working correctly again asap. Thank you.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Followed Your Instructions - Result Logs are Pasted

    Hello Broni,

    Thank you for the instructions. I followed them all and the internet is still redirecting. My scan logs are pasted below.

    --------------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6265

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/4/2011 4:09:57 AM
    mbam-log-2011-04-04 (04-09-57).txt

    Scan type: Quick scan
    Objects scanned: 172588
    Time elapsed: 6 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------------------------------------

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-04 09:48:09
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
    Running: 2eqryc38[1].exe; Driver: C:\DOCUME~1\DEREKF~1\LOCALS~1\Temp\uwlirpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT A78A3E4E ZwCreateKey
    SSDT A78A3E44 ZwCreateThread
    SSDT A78A3E53 ZwDeleteKey
    SSDT A78A3E5D ZwDeleteValueKey
    SSDT A78A3E62 ZwLoadKey
    SSDT A78A3E30 ZwOpenProcess
    SSDT A78A3E35 ZwOpenThread
    SSDT A78A3E6C ZwReplaceKey
    SSDT A78A3E67 ZwRestoreKey
    SSDT A78A3E58 ZwSetValueKey

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DE8184]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DE80CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DE80A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DE80B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DE8112]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DE815A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DE81AE]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DE819A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DE816E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9DE8172 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9DE8188 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9DE819E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9DE815E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9DE80A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9DE80BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9DE81B2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9DE8116 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9DE80D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8B74380, 0x37DE8D, 0xE8000020]
    init C:\WINDOWS\system32\Drivers\OEM13Afx.sys entry point in "init" section [0xB451C310]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B90FEF
    .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B90025
    .text C:\WINDOWS\system32\svchost.exe[284] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B90014
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F66
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80065
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80054
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80F97
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FC3
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80076
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F2E
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80EEE
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80087
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800AC
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80FA8
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80FEF
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F4B
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8002F
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80FDE
    .text C:\WINDOWS\system32\svchost.exe[284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B80F09
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0036
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC006C
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0025
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FEF
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0FAF
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BC0FCA
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DC, 88]
    .text C:\WINDOWS\system32\svchost.exe[284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0051
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0066
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0FDB
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB003A
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB000C
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB004B
    .text C:\WINDOWS\system32\svchost.exe[284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0029
    .text C:\WINDOWS\system32\svchost.exe[284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\Explorer.EXE[496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FD0000
    .text C:\WINDOWS\Explorer.EXE[496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FD0025
    .text C:\WINDOWS\Explorer.EXE[496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FD0FE5
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0F5E
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0053
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0F79
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0F94
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FA5
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC007A
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F32
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC00C1
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC00B0
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC00D2
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC002C
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC0FE5
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC0F43
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0011
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC0FCA
    .text C:\WINDOWS\Explorer.EXE[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC009F
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00990FE5
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00990F9B
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00990036
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00990011
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00990062
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00990000
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00990FCA
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B9, 88]
    .text C:\WINDOWS\Explorer.EXE[496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00990051
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0038
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FAD
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FC8
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0027
    .text C:\WINDOWS\Explorer.EXE[496] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FE3
    .text C:\WINDOWS\Explorer.EXE[496] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\Explorer.EXE[496] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\Explorer.EXE[496] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FD4
    .text C:\WINDOWS\Explorer.EXE[496] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00FE0FC3
    .text C:\WINDOWS\Explorer.EXE[496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01BF0FE5
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007F0FE5
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007F000A
    .text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007F0FD4
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E0FE5
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007E0F5E
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007E0053
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007E002C
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007E0F6F
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007E0FA5
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007E0F21
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007E0F32
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007E0ED0
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007E0EF5
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007E0EBF
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007E0F8A
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007E0FCA
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007E0F43
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007E0011
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007E0000
    .text C:\WINDOWS\system32\svchost.exe[508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007E0F06
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00820FC3
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00820080
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00820FDE
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820FEF
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0082005B
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0082000A
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0082004A
    .text C:\WINDOWS\system32\svchost.exe[508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00820039
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00810064
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!system 77C293C7 5 Bytes JMP 00810049
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0081001D
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00810FEF
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0081002E
    .text C:\WINDOWS\system32\svchost.exe[508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0081000C
    .text C:\WINDOWS\system32\svchost.exe[508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00800FE5
    .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00380000
    .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0038001B
    .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00380FE5
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0037000A
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00370F7E
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00370069
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00370058
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00370F9B
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00370FC0
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 003700BA
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 003700A9
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00370F3C
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003700D5
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003700F0
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00370047
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0037001B
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00370098
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00370036
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00370FEF
    .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00370F57
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0047
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE0FAF
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0022
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0011
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE006C
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CE0FCA
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EE, 88]
    .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0FDB
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CD0FE5
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CD0070
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CD0044
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CD0055
    .text C:\WINDOWS\system32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CD001D
    .text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00390FEF
    .text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0039000A
    .text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00390FD4
    .text C:\WINDOWS\system32\svchost.exe[1124] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00390FAF
    .text C:\WINDOWS\system32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A0000
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E30FD4
    .text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E30FEF
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E20000
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E2006F
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E20F7A
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E20F8B
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E20FA8
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E20FCA
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E200A7
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E20F5F
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E20F1F
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E200C2
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E200D3
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E20FB9
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E20FDB
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E2008A
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E2002C
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E2001B
    .text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E20F44
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FAF
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0051
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FC0
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FDB
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0F94
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE002C
    .text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FAD
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0038
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0FC8
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0000
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0027
    .text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0FE3
    .text C:\WINDOWS\system32\services.exe[1588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FEF
    .text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF0FD1
    .text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF0011
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FE0F8F
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FE0084
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FE0FB6
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FE0069
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FE004E
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FE00C3
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FE00B2
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FE0100
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FE00EF
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FE0F4C
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FE0FC7
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FE0095
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FE003D
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FE002C
    .text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FE00D4
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011A002C
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011A0065
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011A001B
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011A0000
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011A0FA8
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011A0FEF
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 011A0FB9
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [3A, 89]
    .text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011A0FCA
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01190F7A
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!system 77C293C7 5 Bytes JMP 01190F8B
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01190FC1
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01190FE3
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01190FA6
    .text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01190FD2
    .text C:\WINDOWS\system32\lsass.exe[1600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01180FEF
     
  4. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Results Logs - Contd.


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\mfevtps.exe[2292] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\WINDOWS\system32\mfevtps.exe[2292] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat A1680D20

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:5324] A1D59730

    ---- EOF - GMER 1.0.15 ----
  5. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Result Logs - Contd. (Last Post of Logs)

    --------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Derek Fulford at 9:56:53.79 on Mon 04/04/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.969 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Internet Content Filter\UpdateService.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\DRIVERS\o2flash.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Verizon\VSP\ServicepointService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\OEM13Mon.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Internet Content Filter\mfp.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\YouSendIt\Express\YouSendIt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\WNIK62JA\dds[1].scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://m.www.yahoo.com/
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081115
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101221081859.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
    uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [FinishOptions] c:\docume~1\derekf~1\locals~1\temp\hpbinxst.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [ICF] c:\program files\internet content filter\mfp.exe -noact
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
    StartupFolder: c:\docume~1\derekf~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: ICF.dll
    Trusted Zone: isqft.com\www
    Trusted Zone: isqft.com\www
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Filter: text/html - {5ec7287d-6af3-4a5a-856d-e19c5106dd9b} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: cryptnet32 - cryptnet32.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-21 386840]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-4 11608]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-21 84072]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-4 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-4 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-4 61960]
    R2 fpUpdateSvc;Family Protection Update Service;c:\program files\internet content filter\UpdateService.exe [2010-7-5 228352]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-7-5 88176]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-21 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-21 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-21 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-21 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-21 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-21 141792]
    R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-7-5 689392]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-21 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-21 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-21 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-21 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 88544]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-11-15 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-11-15 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2008-11-15 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2008-11-15 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-11-15 235840]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-15 30192]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-21 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-21 84264]
    .
    =============== Created Last 30 ================
    .
    2011-04-04 05:56:47 -------- d-----w- c:\docume~1\derekf~1\applic~1\Avira
    2011-04-04 05:51:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-04 05:51:45 -------- d-----w- c:\program files\Avira
    2011-04-04 05:51:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-04-04 05:10:02 -------- d-----w- c:\program files\AVAST Software
    2011-04-04 05:10:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-04-03 23:55:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-03 23:55:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-04-02 19:19:51 296070 ----a-w- c:\windows\system32\shimg.dll
    2011-03-31 05:19:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-03-31 05:19:29 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 13:05:15 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    .
    ==================== Find3M ====================
    .
    2011-04-04 01:32:45 256 ----a-w- c:\windows\system32\pool.bin
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 9:58:29.45 ===============

    --------------------------------------------------------------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/21/2008 9:22:43 PM
    System Uptime: 4/4/2011 7:49:08 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0F804H
    Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1795/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 114.48 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 2430
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 2430
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4050 Series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4050 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 2430
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 2430
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp color LaserJet 4600
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: Hewlett-Packard
    Name: hp color LaserJet 4600
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    ==== System Restore Points ===================
    .
    RP342: 1/5/2011 8:27:56 PM - System Checkpoint
    RP343: 1/7/2011 8:33:35 PM - System Checkpoint
    RP344: 1/10/2011 9:15:29 PM - Installed Windows Media Player 11
    RP345: 1/10/2011 9:17:53 PM - Software Distribution Service 3.0
    RP346: 1/13/2011 9:14:16 PM - Software Distribution Service 3.0
    RP347: 1/14/2011 5:22:05 PM - Software Distribution Service 3.0
    RP348: 1/15/2011 7:39:38 PM - System Checkpoint
    RP349: 1/17/2011 8:01:30 AM - System Checkpoint
    RP350: 1/20/2011 9:00:32 PM - System Checkpoint
    RP351: 1/22/2011 10:18:28 AM - System Checkpoint
    RP352: 1/23/2011 10:29:56 AM - System Checkpoint
    RP353: 1/26/2011 9:00:14 PM - System Checkpoint
    RP354: 1/28/2011 10:26:44 PM - System Checkpoint
    RP355: 1/31/2011 11:30:58 PM - System Checkpoint
    RP356: 2/2/2011 6:21:35 PM - System Checkpoint
    RP357: 2/3/2011 10:04:11 PM - System Checkpoint
    RP358: 2/4/2011 10:23:54 PM - System Checkpoint
    RP359: 2/6/2011 10:43:18 PM - System Checkpoint
    RP360: 2/8/2011 8:59:32 PM - System Checkpoint
    RP361: 2/9/2011 3:41:20 PM - Software Distribution Service 3.0
    RP362: 2/10/2011 4:17:55 PM - Software Distribution Service 3.0
    RP363: 2/11/2011 11:12:03 PM - System Checkpoint
    RP364: 2/13/2011 8:14:06 AM - System Checkpoint
    RP365: 2/14/2011 10:24:08 PM - System Checkpoint
    RP366: 2/16/2011 8:35:44 PM - System Checkpoint
    RP367: 2/18/2011 9:47:15 PM - System Checkpoint
    RP368: 2/21/2011 7:30:04 AM - System Checkpoint
    RP369: 2/22/2011 7:00:14 PM - System Checkpoint
    RP370: 2/28/2011 8:31:19 PM - System Checkpoint
    RP371: 3/1/2011 9:40:54 PM - System Checkpoint
    RP372: 3/2/2011 11:21:44 PM - System Checkpoint
    RP373: 3/6/2011 5:41:46 PM - System Checkpoint
    RP374: 3/7/2011 8:07:16 PM - System Checkpoint
    RP375: 3/8/2011 11:55:39 PM - System Checkpoint
    RP376: 3/9/2011 5:10:25 PM - Software Distribution Service 3.0
    RP377: 3/10/2011 9:33:12 PM - System Checkpoint
    RP378: 3/12/2011 10:33:03 AM - System Checkpoint
    RP379: 3/13/2011 2:51:55 PM - Software Distribution Service 3.0
    RP380: 3/14/2011 5:14:50 PM - System Checkpoint
    RP381: 3/16/2011 4:23:49 PM - Software Distribution Service 3.0
    RP382: 3/17/2011 10:47:44 PM - System Checkpoint
    RP383: 3/21/2011 4:54:00 PM - System Checkpoint
    RP384: 3/22/2011 5:21:58 PM - System Checkpoint
    RP385: 3/24/2011 10:52:00 AM - System Checkpoint
    RP386: 3/25/2011 11:36:40 AM - System Checkpoint
    RP387: 3/28/2011 7:54:03 PM - Software Distribution Service 3.0
    RP388: 3/30/2011 6:47:04 PM - System Checkpoint
    RP389: 3/31/2011 1:18:29 AM - Restore Operation
    RP390: 4/1/2011 11:31:26 AM - System Checkpoint
    RP391: 4/2/2011 6:51:04 PM - System Checkpoint
    RP392: 4/3/2011 8:15:29 PM - System Checkpoint
    RP393: 4/4/2011 1:10:02 AM - avast! Free Antivirus Setup
    RP394: 4/4/2011 1:33:06 AM - avast! Free Antivirus Setup
    .
    ==== Hosts File Hijack ======================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BlackBerry Desktop Software 4.7
    BlackBerry® Media Sync
    Bonjour
    Browser Address Error Redirector
    BufferChm
    C6300
    C6300_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    Destination Component
    DeviceDiscovery
    DeviceFunctionQFolder
    DocProc
    DocProcQFolder
    Family Protection
    FullDPAppQFolder
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB946554)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 11.0
    HP Image Zone 5.3
    HP Imaging Device Functions 11.0
    HP LaserJet 2410/2420/2430
    hp LaserJet Toolbox
    HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Scanjet 4370
    HP Smart Web Printing
    HP Software Update
    HP Solution Center 11.0
    HP Update
    hpg4370
    hpg4370QFolder
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    InstantShareDevices
    iSqFt Full Viewer V4.01
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 7
    Laptop Integrated Webcam Driver (1.01.01.0529)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Small Business Edition 2003
    Microsoft Office Word 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    MSN
    MSN Toolbar
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB927977)
    Network
    NVIDIA Drivers
    OCR Software by I.R.I.S. 11.0
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PhotoGallery
    PowerDVD
    PS_AIO_04_C6300_ProductContext
    PS_AIO_04_C6300_Software
    PS_AIO_04_C6300_Software_Min
    PSSWCORE
    QuickBooks Pro 2007
    QuickBooks Product Listing Service
    QuickSet
    QuickTime
    RandMap
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Media Manager
    Roxio Update Manager
    Safari
    Scan
    ScannerCopy
    Seagate Manager Installer
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    SkinsHP1
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Status
    SupportSoft Assisted Service
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB960763)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V CAST Music with Rhapsody
    Verizon Internet Security Suite
    Verizon Servicepoint 3.5.14
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    WinZip 14.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Toolbar
    YouSendIt Express
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/1/2011 9:42:06 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McNaiAnn service.
    3/30/2011 4:27:49 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    3/30/2011 4:26:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    3/30/2011 4:26:25 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    3/29/2011 7:59:38 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer D7SP45D1 using any of the configured protocols.
    3/29/2011 7:59:38 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer D19K9QB1 using any of the configured protocols.
    3/29/2011 5:06:22 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service RoxWatch9 with arguments "" in order to run the server: {537D2B45-D156-4D32-B7A7-08084BBCCC06}
    3/28/2011 7:55:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    3/28/2011 7:55:04 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/28/2011 7:54:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    .
    ==== End Of File ===========================

    --------------------------------------------------------------------------------------------------------
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Combofix.txt Log

    The Combofix.txt Log is here:

    ComboFix 11-04-05.01 - Derek Fulford 04/05/2011 18:22:30.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -4:00]
    Running from: c:\documents and settings\Derek Fulford\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Derek Fulford\20091112 Mechanical Narrative
    c:\documents and settings\Derek Fulford\20091112 Mechanical Narrative\Mechanical Systems Narrative 11-13-09 Update 2.doc
    c:\documents and settings\Derek Fulford\20091112 Mechanical Narrative\Mechanical Systems Narrative.doc
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Architectural Base Building.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Architectural Option 1.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Base Building 114 Bus Fire Ratings.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Base Building 250 Bus Fire Ratings.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Room STC Ratings.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Architectural\Southeastern Bus Code Analysis Draft.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1040 Bin Nut and Bolt.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1105 Cabinet 6 Drawer 33 inch.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\11113 Cabinet 9 Drawer 59 inch.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1220 Desk Stand Up.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1310 Ladder Safety Rolling 9 Step.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1312 Scaffold De-Icing.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1490 Rack Gas Cylinder Portable.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1530 Rack Pallet 42 inch Deep 10.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1530 Rack Pallet 42 inch Deep.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1640 Rack Tire Stackable.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1680 Shelving Unit 18 inch.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1725 Cabinet Materials Storage A.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1725 Cabinet Materials Storage.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\1860 Severe Use Workbench.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2030 Battery Bench.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2080 Buffer Grinder 10 w dust.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2110 Cage Inflation Tire.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2130 Charger Battery Fixed Bus.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2215 Drill Press Chuck Key.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2215 Drill Press Variable Speed.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2450 Mounter Demounter Truck Tire.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2535 Press Electric Hydraulic 80 Ton.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\2832 Vise Combination w swivel.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3357 Scrubber floor Battery walk.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3624 Vacuum System Central 8.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3720 Washer Pressure Hot Water.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3720A Hose Reel for 3720.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3785 Washer Parts Jet Spray.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3901 Washer Vehicle Drive Through.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3901 Washer Vehicle Drive thru 4.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\3936 Water Reclamation System.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\4912 Wheel Balancer Electronic.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5015 Cart Battery Lift.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5030 Cart Parts.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5080 Crane Jib Compression 12.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5280 Crane Portable 2 ton.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5290 Dolly Drum 600 Pound.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5362 Hoist Chain Elec.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5650 Lift Axle adj 2 Post Modular.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\5670 Lift axle adj 3 Post Modular.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\6235 Personal Fall Protection Unit B.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\6235 Personal Fall Protection Unit C.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\6235 Personal Fall Protection Unit.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\7800 Vault Reciever Farebox.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\7820 Data Collection & Reporting.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\8190 Drops Air Electric Trapeze.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\114 Bus Base\8245 Gantry Fuel Hose Nozzle.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\1140 storage-cabinets_flammabl.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\1185 Shop Storage Cabinet.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\1420 Rack Arm Single Face 7 foot high.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\1765 Table Layout steel top 120 x 36.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\1776 Table Layout wood top 120 x 36.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\20297644 KBK Bible 09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\20607644 Op-InstClassic.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2210 Drill Press Variable Speed 17 inch.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2260 Grinder 12 inch Disk 6 inch Belt.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2640 Refrigerant reclamation system 50lb portable.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2690 Band saw.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2690 Saw, Band.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2713 Dust Bag.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2713 Miter saw 10.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2900 Portable MIG welder.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2920 Welder oxyacetylene portable w cart.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2925 Portable Plasma Cutter.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\2935 TIG Welder.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\3560 Parts cleaning tank medium.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5074A-B Bridge Crane.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5312 Wheel Dolly.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5460 Hopper.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5555 Paint Booth Man Lift.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5703 Parallelogram 50,000 32 ft.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5707 Parallelogram 75,000 48 ft.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\5707W Parallelogram 75,000 48 ft.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\6050 Anchor Bolt-turret.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\6050 Anchor Bolt.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\6108 Paint Booth, cross-draft.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\6670 Paint Shaker.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8165A-B Used Fluid Drain Pan.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-controller.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-data software.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-receiver.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-RIH.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-software.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8210 Fuel Management System-system.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\8492 Oil filter press.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9100 Hazard Store Bldg-acces.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9100 Hazard Store Bldg.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9350 Electrostatic filter.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9350 Electrostatic portable filter manual.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9350 Electrostatic portable filter.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9350 filter arm KUA.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\9350 filter arm KUA_EN[1].pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\250 Bus Option 1\Plymovent EMK 1602AL Electrostatic Filter Unit.htm
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Bus Maintenance Equipment\binder cover page.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Civil-Site\Design Narrative 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Civil-Site\Grading Plan Base Bid 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Civil-Site\Grading Plan Option 1_11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Civil-Site\Utility plan option 1_11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\Civil-Site\Utlity Plan Base Bid 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\DC Village CNG Equipment List - Marathon 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\DC Village CNG Installation Info-1 - Marathon 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\DC Village CNG Notice - Marathon 11-13-09.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\FQ8133 - Book 2--Tab 14 CNG Only.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\Sample Air P&ID.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\Sample Electrical Conduit.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\Sample Gas P&ID.pdf
    c:\documents and settings\Derek Fulford\20091113 Pricing Submission\CNG Diesel\Sample Pipe Rack.pdf
    c:\documents and settings\Derek Fulford\GoToAssistDownloadHelper.exe
    c:\documents and settings\Derek Fulford\Recent\DBOLE.tmp
    c:\documents and settings\Derek Fulford\Recent\eb.tmp
    c:\documents and settings\Derek Fulford\Recent\tjd.tmp
    c:\program files\Shared
    c:\windows\system32\shimg.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-04 05:56 . 2011-04-04 05:56 -------- d-----w- c:\documents and settings\Derek Fulford\Application Data\Avira
    2011-04-04 05:51 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-04-04 05:51 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-04 05:51 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-04-04 05:51 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-04-04 05:51 . 2011-04-04 05:51 -------- d-----w- c:\program files\Avira
    2011-04-04 05:51 . 2011-04-04 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-04-04 05:10 . 2011-04-04 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-04 05:10 . 2011-04-04 05:10 -------- d-----w- c:\program files\AVAST Software
    2011-04-03 23:55 . 2011-04-04 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-04-03 23:55 . 2011-04-03 23:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-31 05:19 . 2011-03-31 05:19 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 13:05 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2008-04-25 16:16 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-25 16:16 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-04-25 21:26 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-04-25 21:26 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-25 16:16 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll
    2001-12-03 21:09 . 2009-09-02 14:19 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 68856]
    "YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2010-01-27 82432]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-07 16862720]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-07 13537280]
    "nwiz"="nwiz.exe" [2008-07-07 1630208]
    "NVHotkey"="nvHotkey.dll" [2008-07-07 90112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-07 86016]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-05-07 1245184]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2010-01-11 4281584]
    "ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-02-09 1275408]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-12-16 1195920]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-03-02 273544]
    "TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-10-29 245760]
    .
    c:\documents and settings\Derek Fulford\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-9-19 1545488]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-11-22 18:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
    "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "427:UDP"= 427:UDP:SLP_Port(427)
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/21/2010 9:18 AM 84072]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/4/2011 1:51 AM 135336]
    R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [7/5/2010 11:33 AM 228352]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [7/5/2010 11:32 AM 88176]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 9:18 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/21/2010 9:18 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/21/2010 9:19 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/21/2010 9:18 AM 141792]
    R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [7/5/2010 11:14 AM 689392]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/21/2010 9:18 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/21/2010 9:18 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 9:18 AM 88544]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [11/15/2008 3:40 AM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [11/15/2008 3:40 AM 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [11/15/2008 3:40 AM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [11/15/2008 3:40 AM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [11/15/2008 3:40 AM 235840]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 6:48 PM 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/15/2008 1:52 AM 30192]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/21/2010 9:18 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/21/2010 9:18 AM 84264]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:48]
    .
    2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:48]
    .
    2011-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-79037841-1358071332-1891406712-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
    .
    2011-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-79037841-1358071332-1891406712-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
    .
    2011-04-04 c:\windows\Tasks\WebReg .job
    - c:\program files\HP\digital imaging\bin\hpqwrg.exe [2008-03-26 01:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://m.www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: ICF.dll
    Trusted Zone: isqft.com\www
    Trusted Zone: isqft.com\www
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-05 18:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1536)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    - - - - - - - > 'lsass.exe'(1592)
    c:\windows\system32\ICF.dll
    .
    - - - - - - - > 'explorer.exe'(3532)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\ICF.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\system32\wscript.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-05 18:38:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-05 22:38
    .
    Pre-Run: 122,943,373,312 bytes free
    Post-Run: 122,798,256,128 bytes free
    .
    - - End Of File - - F13CDFE048508D286A31204F269A45A4
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  9. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    It is not redirecting now.

    I will delete the McAfee.

    I'm familiar with the items that were removed. They were drawing files, but I do not need them.

    Do the logs indicate the computer is clean now?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good news :)

    I had to ask about those files before proceeding any further.
    Hold on....
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Combofix log looks good.

    We need to run a couple more checks to make sure your computer is healthy...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    OTL.Txt Log

    The OTL.Txt Log is here:

    OTL logfile created on: 4/5/2011 8:14:15 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Derek Fulford\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 114.63 Gb Free Space | 76.93% Space Free | Partition Type: NTFS
    Drive D: | 563.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DEFVOSTRO | User Name: Derek Fulford | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/05 20:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Fulford\Desktop\OTL.exe
    PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/01 20:17:18 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/05/20 15:39:49 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    PRC - [2010/02/09 17:14:56 | 000,228,352 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
    PRC - [2010/02/09 17:07:22 | 001,275,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
    PRC - [2010/01/27 16:28:56 | 000,082,432 | ---- | M] () -- C:\Program Files\YouSendIt\Express\YouSendIt.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2010/01/11 13:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
    PRC - [2010/01/11 13:10:38 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    PRC - [2010/01/11 13:10:36 | 004,281,584 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    PRC - [2009/11/18 15:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
    PRC - [2009/09/16 22:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/01/16 16:31:26 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2008/09/19 15:06:42 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2008/08/26 20:39:38 | 000,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
    PRC - [2008/08/26 12:23:14 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    PRC - [2008/08/26 12:21:36 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/07/31 23:31:58 | 001,422,608 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    PRC - [2008/07/16 17:32:06 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
    PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/05/22 12:09:28 | 000,372,736 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    PRC - [2008/05/07 13:19:18 | 001,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/21 17:25:06 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/02/21 17:24:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/02/21 17:24:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/02/21 17:24:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/07/27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2004/10/29 18:21:30 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/05 20:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Fulford\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/05/07 13:19:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/09 17:14:56 | 000,228,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)
    SRV - [2010/01/11 13:10:42 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
    SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/01/16 16:31:58 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/11/22 14:28:26 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/08/26 20:39:38 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
    SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2006/11/09 19:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/08/26 20:39:48 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
    DRV - [2008/08/26 20:39:42 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
    DRV - [2008/07/16 17:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV - [2008/07/16 17:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2008/07/16 17:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
    DRV - [2008/07/07 16:57:38 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/07/07 01:20:56 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/06/30 00:11:44 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/04/16 00:05:14 | 000,016,800 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
    DRV - [2008/04/14 08:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/14 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2008/04/14 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2008/02/21 17:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081115


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081115
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6081115
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>



    IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/27 21:35:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/01 20:17:46 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/04/05 18:31:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
    O4 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O4 - Startup: C:\Documents and Settings\Derek Fulford\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Domains: isqft.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/08 11:09:38 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/05 20:11:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek Fulford\Desktop\OTL.exe
    [2011/04/05 18:53:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/05 18:07:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/05 18:02:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/05 18:02:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/05 18:02:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/05 18:02:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/05 18:02:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/05 17:59:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/04 01:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek Fulford\Application Data\Avira
    [2011/04/04 01:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/04/04 01:51:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/04/04 01:51:47 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/04/04 01:51:47 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/04/04 01:51:47 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/04/04 01:51:47 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/04/04 01:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/04/04 01:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/04/04 01:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/04 01:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/03 19:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/04/03 19:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/04/03 19:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/03/21 14:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek Fulford\My Documents\Fax
    [2011/03/12 15:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek Fulford\Desktop\EMBA22_Cohort Information
    [47 C:\Documents and Settings\Derek Fulford\Desktop\*.tmp files -> C:\Documents and Settings\Derek Fulford\Desktop\*.tmp -> ]
    [14 C:\Documents and Settings\Derek Fulford\My Documents\*.tmp files -> C:\Documents and Settings\Derek Fulford\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/05 20:14:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-79037841-1358071332-1891406712-1007.job
    [2011/04/05 20:14:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-79037841-1358071332-1891406712-1007.job
    [2011/04/05 20:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Fulford\Desktop\OTL.exe
    [2011/04/05 20:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/05 20:10:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/05 20:08:45 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\pool.bin
    [2011/04/05 20:04:43 | 000,476,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 20:04:43 | 000,085,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/05 20:02:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Ÿ9Ÿ9
    [2011/04/05 20:01:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/05 20:01:32 | 000,043,239 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/04/05 19:59:16 | 000,189,259 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/04/05 19:59:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/05 19:59:05 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/05 18:31:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/05 18:18:21 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2011/04/05 18:11:55 | 000,051,995 | ---- | M] () -- C:\crash.dmp
    [2011/04/05 18:07:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/05 17:57:14 | 004,315,008 | R--- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\ComboFix.exe
    [2011/04/05 17:40:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/04 11:17:18 | 000,043,239 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2011/04/04 07:53:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Ÿ=Ÿ=
    [2011/04/04 01:52:02 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/04 01:33:15 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/04 00:52:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\WebReg .job
    [2011/04/03 22:45:12 | 000,017,257 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\EMBA630-Week 1 Petrov I[1].rtf
    [2011/04/03 22:31:33 | 000,017,255 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\VB_order.htm
    [2011/04/03 22:14:49 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\EditLiveForJava.ini
    [2011/04/03 19:55:52 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/03 19:55:52 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\Spybot - Search & Destroy.lnk
    [2011/04/03 17:45:59 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/01 09:46:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
    [2011/03/30 23:46:33 | 000,012,540 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Application Data\wklnhst.dat
    [2011/03/29 19:59:22 | 020,299,776 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\My Documents\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 29,2011 07 58 PM).QBB
    [2011/03/29 19:43:27 | 000,129,088 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\GL 2011.pdf
    [2011/03/29 19:42:50 | 000,036,383 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\BS 2011.pdf
    [2011/03/29 19:42:32 | 000,037,950 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\PL 2011.pdf
    [2011/03/26 12:23:54 | 020,226,048 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\My Documents\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 26,2011 12 23 PM).QBB
    [2011/03/23 21:01:32 | 020,017,152 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 23,2011 09 00 PM).QBB
    [2011/03/23 11:26:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/16 16:28:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [47 C:\Documents and Settings\Derek Fulford\Desktop\*.tmp files -> C:\Documents and Settings\Derek Fulford\Desktop\*.tmp -> ]
    [14 C:\Documents and Settings\Derek Fulford\My Documents\*.tmp files -> C:\Documents and Settings\Derek Fulford\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/05 18:07:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/05 18:07:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/05 18:02:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/05 18:02:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/05 18:02:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/05 18:02:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/05 18:02:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/05 17:57:14 | 004,315,008 | R--- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\ComboFix.exe
    [2011/04/04 01:52:02 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/04/03 22:31:33 | 000,017,255 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\VB_order.htm
    [2011/04/03 21:45:52 | 000,017,257 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\EMBA630-Week 1 Petrov I[1].rtf
    [2011/04/03 19:55:52 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/04/03 19:55:52 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/29 19:59:15 | 020,299,776 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\My Documents\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 29,2011 07 58 PM).QBB
    [2011/03/26 12:23:48 | 020,226,048 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\My Documents\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 26,2011 12 23 PM).QBB
    [2011/03/26 11:58:14 | 000,129,088 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\GL 2011.pdf
    [2011/03/26 11:37:32 | 000,037,950 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\PL 2011.pdf
    [2011/03/26 11:36:05 | 000,036,383 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\BS 2011.pdf
    [2011/03/23 21:01:25 | 020,017,152 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Desktop\FASTSIGNS OF LAUREL 2007 12.29.07 (Backup Mar 23,2011 09 00 PM).QBB
    [2011/01/07 20:44:34 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\EditLiveForJava.ini
    [2010/11/04 16:01:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/05/20 15:40:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
    [2010/05/20 15:40:30 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
    [2010/05/20 15:13:36 | 000,018,886 | ---- | C] () -- C:\WINDOWS\hplj24x0.ini
    [2010/05/20 15:13:20 | 000,002,229 | ---- | C] () -- C:\WINDOWS\mariner.ini
    [2010/02/09 01:35:42 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
    [2010/02/06 19:17:28 | 000,076,536 | ---- | C] () -- C:\WINDOWS\hpgins07.dat
    [2010/02/06 19:17:28 | 000,000,848 | ---- | C] () -- C:\WINDOWS\hpgmdl07.dat
    [2009/09/14 00:46:37 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/18 15:00:41 | 000,047,476 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/26 00:06:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\rx_image.Cache
    [2009/05/17 15:05:51 | 000,166,436 | ---- | C] () -- C:\WINDOWS\hpoins31.dat.temp
    [2009/05/11 21:45:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2009/05/11 21:43:45 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat.temp
    [2009/04/19 21:37:49 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Application Data\mcs.rma
    [2009/04/19 21:37:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Application Data\55EA79
    [2009/04/19 21:01:30 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/02/18 13:21:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Local Settings\Application Data\fusioncache.dat
    [2008/12/27 23:11:37 | 000,165,963 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
    [2008/12/27 23:11:37 | 000,001,691 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
    [2008/11/26 22:29:39 | 000,012,540 | ---- | C] () -- C:\Documents and Settings\Derek Fulford\Application Data\wklnhst.dat
    [2008/11/15 03:40:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/11/15 03:40:36 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/11/15 03:40:36 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/11/15 03:40:36 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/11/15 03:40:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/11/15 03:40:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/11/15 03:40:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/11/15 03:40:36 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/11/15 03:40:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2008/11/15 03:39:26 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/11/15 01:59:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/11/15 01:54:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/11/15 01:52:47 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/11/15 01:51:27 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
    [2008/11/15 01:50:33 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/11/15 01:50:32 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/11/15 01:50:32 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2008/11/15 01:47:54 | 000,043,239 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/25 12:16:22 | 000,476,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/25 12:16:22 | 000,085,730 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 05:21:52 | 000,342,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
    [2003/02/25 01:49:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011/04/04 01:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/11/22 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/02/18 11:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2011/02/15 22:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
    [2009/05/25 23:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/11/15 01:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/02/06 12:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/01/18 19:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/19 22:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/04/19 21:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Blackberry Desktop
    [2009/05/25 22:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Leadertech
    [2010/01/20 13:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\ntr
    [2009/04/19 20:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Research In Motion
    [2009/12/12 19:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Template
    [2009/02/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Uniblue
    [2010/02/09 15:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\YouSendIt

    ========== Purity Check ==========
     
  13. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    OTL.Txt Log (contd) & Extras.Txt

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/05/14 09:29:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/05 18:07:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/19 19:03:35 | 000,005,145 | ---- | M] () -- C:\CD3rdPartyWrapper.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/05 18:38:52 | 000,035,064 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/04/05 18:11:55 | 000,051,995 | ---- | M] () -- C:\crash.dmp
    [2011/04/05 18:11:55 | 000,098,471 | ---- | M] () -- C:\crash.log
    [2008/11/15 03:42:35 | 000,003,468 | RH-- | M] () -- C:\dell.sdr
    [2011/04/05 19:59:05 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/05 19:59:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/24 11:49:16 | 000,002,381 | ---- | M] () -- C:\Rescued document.txt
    [2009/10/13 20:07:14 | 000,000,923 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/12 00:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2008/04/25 17:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2004/08/23 18:26:44 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP042.DLL
    [2008/06/06 21:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/09/22 22:52:28 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Derek Fulford\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/04/25 17:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/11/21 22:23:08 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Derek Fulford\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/04/25 17:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/05 17:57:14 | 004,315,008 | R--- | M] () -- C:\Documents and Settings\Derek Fulford\Desktop\ComboFix.exe
    [2011/04/05 20:11:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Fulford\Desktop\OTL.exe
    [47 C:\Documents and Settings\Derek Fulford\Desktop\*.tmp files -> C:\Documents and Settings\Derek Fulford\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2008/11/23 19:13:45 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Derek Fulford\gotomypc_437.exe
    [2009/05/31 21:13:11 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Derek Fulford\gotomypc_438.exe

    < %systemroot%\ADDINS\*.* >
    [2008/04/14 08:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/11/21 22:23:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Derek Fulford\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/05 20:14:19 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\Derek Fulford\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/04/15 15:40:58 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\Installer\BBMediaSyncUninstall.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 07:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 07:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 07:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 13:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 07:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 07:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 07:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 07:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 07:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Whoopi Goldberg.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Team Contract.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Sleepover at 12.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\ROW Training Schedule.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Rescued document.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Proposal.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Power_Influence[1].doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Peyton_Letter.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Perseverance.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Office of Career Services.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Nature of Electromagnetic Waves.ppt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\MarchB_2010_Listing.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Lecture 6.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Med.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Lrg.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Kayla Fulford January 12.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\History Board.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\helpful-links[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\expense-worksheet[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\DiamondIndustryStrategy_Wk71[1].doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Develop an essay of 500.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\daily-expenditures[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\credit-card-and-money[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\CEO.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\BudgetTemplate.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\AddendumBusiness Plan.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\A_Survival_Guide_To_Post_Bankruptcy-By_Mitchell_Allen[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\2010 High School Application Final[1].pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL4066.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3593.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3552.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3436.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL2268.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1454.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1136.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1109.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1004.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0976.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0944.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0839.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0545.tmp:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0485.tmp:Roxio EMC Stream

    < End of report >

    --------------------------------------------------------------------------------------------------------

    OTL Extras logfile created on: 4/5/2011 8:14:15 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Derek Fulford\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 114.63 Gb Free Space | 76.93% Space Free | Partition Type: NTFS
    Drive D: | 563.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DEFVOSTRO | User Name: Derek Fulford | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
    "D:\setup\HPZnui01.exe" = D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe" = C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
    "C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
    "C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
    "C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{02C0BC1F-E273-4FA7-BF75-46ACF9650765}" = HP LaserJet 2410/2420/2430
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08DE682A-3858-4591-9EBB-E5290E4DC3DD}" = Family Protection
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
    "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
    "{2766C573-EFD3-4f15-83A5-2788B48994F0}" = HP Scanjet 4370
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
    "{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB2F7E36-3D87-457D-8162-26583CF49AC1}" = hp LaserJet Toolbox
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC93F461-132C-4A10-983D-7DAFE2917D67}" = Roxio Media Manager
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFBA694F-E1A3-4ED4-8364-1A94F4ADE456}" = hpg4370
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_{9833D727-8FF5-40AE-A193-525747555FF1}" = BlackBerry Desktop Software 4.7
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "hp LaserJet 2410 2420 2430" = HP LaserJet 2410/2420/2430
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
    "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.14
    "RealPlayer 12.0" = RealPlayer
    "SearchAssist" = SearchAssist
    "Shop for HP Supplies" = Shop for HP Supplies
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/2/2011 6:01:51 PM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 4/2/2011 7:05:19 PM | Computer Name = DEFVOSTRO | Source = McLogEvent | ID = 5051
    Description =

    Error - 4/2/2011 7:06:51 PM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1002
    Description = Hanging application DesktopMgr.exe, version 4.7.0.25, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/3/2011 2:30:09 PM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/3/2011 9:21:24 PM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1002
    Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/4/2011 4:01:32 AM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/4/2011 7:52:17 AM | Computer Name = DEFVOSTRO | Source = ESENT | ID = 490
    Description = svchost (1992) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 4/4/2011 7:52:20 AM | Computer Name = DEFVOSTRO | Source = McLogEvent | ID = 5051
    Description =

    Error - 4/5/2011 6:11:57 PM | Computer Name = DEFVOSTRO | Source = Application Error | ID = 1000
    Description = Faulting application mfp.exe, version 1.1.402.0, faulting module mfp.exe,
    version 1.1.402.0, fault address 0x0008002c.

    Error - 4/5/2011 6:37:37 PM | Computer Name = DEFVOSTRO | Source = Application Hang | ID = 1002
    Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 4/5/2011 8:17:35 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:17:35 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:05 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D19K9QB1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:05 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:05 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:05 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:36 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D19K9QB1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:36 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:36 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.

    Error - 4/5/2011 8:18:36 PM | Computer Name = DEFVOSTRO | Source = DCOM | ID = 10009
    Description = DCOM was unable to communicate with the computer D7SP45D1 using any
    of the configured protocols.


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right-click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
      O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
      O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
      O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Domains: isqft.com ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
      [47 C:\Documents and Settings\Derek Fulford\Desktop\*.tmp files -> C:\Documents and Settings\Derek Fulford\Desktop\*.tmp -> ]
      [14 C:\Documents and Settings\Derek Fulford\My Documents\*.tmp files -> C:\Documents and Settings\Derek Fulford\My Documents\*.tmp -> ]
      [2009/02/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Fulford\Application Data\Uniblue
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Whoopi Goldberg.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Team Contract.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Sleepover at 12.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\ROW Training Schedule.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Rescued document.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Proposal.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Power_Influence[1].doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Peyton_Letter.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Perseverance.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Office of Career Services.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Nature of Electromagnetic Waves.ppt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\MarchB_2010_Listing.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Lecture 6.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Med.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Lrg.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Kayla Fulford January 12.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\History Board.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\helpful-links[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\expense-worksheet[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\DiamondIndustryStrategy_Wk71[1].doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\Develop an essay of 500.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\daily-expenditures[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\credit-card-and-money[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\CEO.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\BudgetTemplate.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\AddendumBusiness Plan.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\A_Survival_Guide_To_Post_Bankruptcy-By_Mitchell_Allen[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\2010 High School Application Final[1].pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL4066.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3593.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3552.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL3436.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL2268.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1454.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1136.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1109.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL1004.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0976.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0944.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0839.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0545.tmp:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Derek Fulford\My Documents\~WRL0485.tmp:Roxio EMC Stream
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
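    Added example (my own code, not OTL's and not part of the post): a small Python parser for the fix-script format shown above, the ':OTL' entries followed by the ':Commands' block, that classifies each entry and flags the ones OTL itself reported as pointing at a missing file or CLSID, so a script can be reviewed before clicking Run Fix. The sample script is constructed from lines of the post with the profile path replaced by the placeholder <user>.

```python
"""Parse an OTL custom-fix script (':OTL' / ':Commands' block) and summarize what
it will touch.  Added example for review of a fix script; not OTL's own code."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GUID = r"\{[0-9A-Fa-f-]{36}\}"

# Phrases OTL prints when a registry entry points at a key or file that no longer
# exists; removing such an entry deletes a dangling reference, not a live component.
DANGLING_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error")

# (kind, pattern) rules for lines in the :OTL section, tried in order; first match wins.
LINE_RULES = [
    ("urlsearchhook",    re.compile(r"^IE - .*URLSearchHook: (" + GUID + ")")),
    ("ie-setting",       re.compile(r'^IE - (.+?): "(\w+)" = ')),
    ("bho",              re.compile(r"^O2 - BHO: .* - (" + GUID + ")")),
    ("winsock-lsp",      re.compile(r"^O10 - (Protocol_Catalog9\\Catalog_Entries\\\d+)")),
    ("ie-zone",          re.compile(r"^O15 - .*Trusted (?:Domains|Ranges): (\S+)")),
    ("activex-dpf",      re.compile(r"^O16 - DPF: (" + GUID + ")")),
    ("protocol-handler", re.compile(r"^O18 - (Protocol\\Handler\\\w+)")),
    ("file-glob",        re.compile(r"^\[\d+ (.+?) files -> ")),
    ("directory",        re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\] -- (.+)$")),
    ("ads",              re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")),
]


@dataclass
class FixEntry:
    section: str    # ':OTL' or ':Commands'
    kind: str       # a LINE_RULES kind, 'command', or 'unknown'
    target: str     # registry path, file path, GUID or command name
    dangling: bool  # True when OTL reported the referenced key/file as missing


def classify_otl_line(line: str) -> Tuple[str, str]:
    """Return (kind, target) for one line of the :OTL section."""
    for kind, rx in LINE_RULES:
        m = rx.match(line)
        if m:
            # ie-setting captures key path and value name; join them into one target
            target = m.group(1) if m.lastindex == 1 else "\\".join(m.groups())
            return kind, target
    return "unknown", line


def parse_fix_script(text: str) -> List[FixEntry]:
    entries: List[FixEntry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as ':OTL'
            section = line
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section == ":Commands":
            m = re.fullmatch(r"\[(\w+)\]", line)
            if m is None:
                raise ValueError(f"malformed command: {line!r}")
            entries.append(FixEntry(section, "command", m.group(1).lower(), False))
            continue
        kind, target = classify_otl_line(line)
        dangling = any(marker in line for marker in DANGLING_MARKERS)
        entries.append(FixEntry(section, kind, target, dangling))
    return entries


def summarize(entries: List[FixEntry]) -> Dict[str, object]:
    """Counts per kind, how many entries are only dangling references, and any
    lines the rules did not recognise (those deserve a manual look)."""
    return {
        "by_kind": dict(Counter(e.kind for e in entries)),
        "dangling": sum(1 for e in entries if e.dangling),
        "unknown": [e.target for e in entries if e.kind == "unknown"],
    }


# Constructed sample: a subset of the fix script from the post, profile path
# replaced by the placeholder <user>.
SAMPLE_FIX = r"""
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-79037841-1358071332-1891406712-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
[47 C:\Documents and Settings\<user>\Desktop\*.tmp files -> C:\Documents and Settings\<user>\Desktop\*.tmp -> ]
[2009/02/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\<user>\Application Data\Uniblue
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\<user>\My Documents\Proposal.doc:Roxio EMC Stream

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

if __name__ == "__main__":
    parsed = parse_fix_script(SAMPLE_FIX)
    for entry in parsed:
        print(f"{entry.kind:17} {'dangling' if entry.dangling else 'live':9} {entry.target}")
    print(summarize(parsed))
```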
     
  15. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    OTL Log & checkup.txt

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
    HKU\S-1-5-21-79037841-1358071332-1891406712-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isqft.com\www\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isqft.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isqft.com\www\ not found.
    Registry key HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isqft.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-79037841-1358071332-1891406712-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
    File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
    File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0122.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0126.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0154.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0306.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0377.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0391.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0477.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0624.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0721.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0738.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL0918.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1073.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1247.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1406.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1515.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1573.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1574.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1609.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1638.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1653.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1686.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1698.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1728.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1771.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1907.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL1936.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2053.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2229.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2245.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2302.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2470.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2676.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2720.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL2912.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3009.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3265.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3424.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3493.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3516.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3574.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3679.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3681.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3804.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3844.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3914.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL3937.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\~WRL4076.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL0485.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL0545.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL0839.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL0944.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL0976.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL1004.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL1109.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL1136.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL1454.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL2268.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL3436.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL3552.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL3593.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\My Documents\~WRL4066.tmp deleted successfully.
    C:\Documents and Settings\Derek Fulford\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\Derek Fulford\Application Data\Uniblue folder moved successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Whoopi Goldberg.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Team Contract.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Sleepover at 12.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\ROW Training Schedule.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Rescued document.txt:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Proposal.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Power_Influence[1].doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Peyton_Letter.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Perseverance.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Office of Career Services.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Nature of Electromagnetic Waves.ppt:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\MarchB_2010_Listing.xls:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Lecture 6.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Med.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Labels_OfficeSupplyBins_Lrg.doc:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\Kayla Fulford January 12.doc:Roxio EMC Stream .
    ADS C:\Documents and Settings\Derek Fulford\My Documents\History Board.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\helpful-links[1].pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\expense-worksheet[1].pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\DiamondIndustryStrategy_Wk71[1].doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\Develop an essay of 500.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\daily-expenditures[1].pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\credit-card-and-money[1].pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\CEO.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\BudgetTemplate.xls:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\AddendumBusiness Plan.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\A_Survival_Guide_To_Post_Bankruptcy-By_Mitchell_Allen[1].pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Derek Fulford\My Documents\2010 High School Application Final[1].pdf:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL4066.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL3593.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL3552.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL3436.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL2268.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL1454.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL1136.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL1109.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL1004.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL0976.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL0944.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL0839.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL0545.tmp:Roxio EMC Stream .
    Unable to delete ADS C:\Documents and Settings\Derek Fulford\My Documents\~WRL0485.tmp:Roxio EMC Stream .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Derek Fulford
    ->Temp folder emptied: 25024612 bytes
    ->Temporary Internet Files folder emptied: 24753762 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 670 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21188 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 1008341 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Derek Fulford
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

    OTL by OldTimer - Version 3.2.22.3 log created on 04052011_211815

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    --------------------------------------------------------------------------------------------------------

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
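As an added example, not part of this thread and not code from OTL or its author: a small Python script that reads OTL fix-log output in the format quoted above and totals the outcomes per section (deleted, moved, not found, failed), then lists the "Unable to delete" entries that still need attention after the fix. The sample log embedded in it is constructed to mirror the line shapes OTL prints; its paths, GUID and SID are made up.

```python
import re
from collections import Counter

# Constructed sample, modelled on the OTL fix-log format quoted in the thread.
# Line shapes and outcome words are as OTL prints them; paths/GUID/SID are invented.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\ not found.
Registry value HKEY_USERS\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
========== FILES ==========
C:\WINDOWS\Downloaded Program Files\example.inf moved successfully.
C:\Documents and Settings\User\Desktop\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\User\Application Data\ExampleVendor folder moved successfully.
ADS C:\Documents and Settings\User\My Documents\report.doc:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\User\My Documents\~WRL0002.tmp:Roxio EMC Stream .
File {00000000-1111-2222-3333-444444444444} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========
Total Files Cleaned = 49.00 mb
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF0001.tmp not found!
C:\Documents and Settings\User\Local Settings\Temp\~DF0002.tmp moved successfully.
Registry entries deleted on Reboot...
"""

SECTION_RE = re.compile(r"^={5,}\s*(.+?)\s*={5,}$")


def classify(line: str):
    """Map one OTL result line to (kind, outcome, target); None for non-result lines."""
    text = line.strip()
    if not text:
        return None
    # The main log ends lines with "." and the on-reboot section with "!";
    # the failed-ADS line ends with " ." - normalise all of that away.
    text = text.rstrip(".! ").strip()
    if text.startswith("Unable to delete "):
        outcome, target = "failed", text[len("Unable to delete "):]
    else:
        for marker, outcome in (("deleted successfully", "deleted"),
                                ("moved successfully", "moved"),
                                ("not found", "not_found")):
            if text.endswith(marker):
                target = text[: -len(marker)].strip()
                break
        else:
            return None
    # Work out what kind of object the line refers to.
    kind = "path"
    for prefix in ("Registry key ", "Registry value ", "ADS ", "File\\Folder ", "File "):
        if target.startswith(prefix):
            kind = prefix.strip().lower()
            target = target[len(prefix):]
            break
    else:
        if target.endswith(" folder"):
            kind = "folder"
            target = target[: -len(" folder")]
    return kind, outcome, target


def summarize(log_text: str) -> dict:
    """Count outcomes per log section and collect items that still need follow-up."""
    section = "header"
    counts = Counter()
    follow_up = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if line.startswith("Files\\Folders moved on Reboot"):
            section = "on reboot"
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            section = "registry on reboot"
            continue
        parsed = classify(line)
        if parsed is None:
            continue  # process kills, [EMPTYTEMP] byte counts, totals, blank lines
        kind, outcome, target = parsed
        counts[(section, outcome)] += 1
        if outcome == "failed":
            follow_up.append((kind, target))
    return {"counts": dict(counts), "follow_up": follow_up}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (section, outcome), n in sorted(result["counts"].items()):
        print(f"{section:20s} {outcome:10s} {n}")
    for kind, target in result["follow_up"]:
        print(f"FOLLOW UP: {kind} still present: {target}")
```

Anything in the follow-up list is what a helper would want re-addressed in the next fix script or checked by hand; everything counted as "not found" was already gone when OTL got to it, which is normal after an earlier scanner has cleaned part of the same infection.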
  16. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Here is the ESETScan Log:

    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Corridor Enterprises Inc\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Franchise\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Greek&HBCU\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Jobs\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Property\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Treasure Avenue\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Kayla's 1st Bday Party\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Smiley Family Reunion\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\Bylaws\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\Kaylas School Project\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Special Projects\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Tennessee State University\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\TIPP\desktop.ini Win32/VB.NEI worm
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Work\desktop.ini Win32/VB.NEI worm
    C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP389\A0175961.mof Win32/RogueAV.A trojan
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No problem.

    Uninstall Java(TM) 6 Update 7.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  18. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    I edited my previous (above) message and added the ESET Scan log. There were 20 threats found.

    I updated the Adobe Reader.

    I didn't uninstall the Java because I wasn't sure what to do. Do you mean to uninstall the Java I added earlier this evening? It is on my desktop as an icon "JavaSetup6u24". Is that what I need to remove?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No. Go to Add\Remove and uninstall Java(TM) 6 Update 7.

    Are you familiar with what Eset found - My Documents Desktop 1998?
     
  20. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Ok. I just uninstalled the Java 6 Update 7.

    Yes, the My Documents Desktop 1998 are the files from our old computer. They were retrieved then put on our laptop for our reference.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Some of those files seem to be infected.
    It's all about various versions of the desktop.ini file, so removing them won't affect any of your backups.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Corridor Enterprises Inc\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Franchise\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Greek&HBCU\desktop.ini
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Jobs\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Property\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Treasure Avenue\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Kayla's 1st Bday Party\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Smiley Family Reunion\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\Bylaws\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\Kaylas School Project\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Special Projects\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Tennessee State University\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\TIPP\desktop.ini 
      C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Work\desktop.ini
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    =====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  22. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Here is 1 of the logs you said to post.
    I didn't realize this would happen, but the other 2 log files you requested were deleted when I did the Cleanup :(

    --------------------------------------------------------------------------------------------------------

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Corridor Enterprises Inc\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Franchise\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Greek&HBCU\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Jobs\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Property\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Business\Treasure Avenue\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Kayla's 1st Bday Party\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Events\Smiley Family Reunion\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\LucraMax\Bylaws\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\My Pictures\Kaylas School Project\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Special Projects\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Tennessee State University\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\TIPP\desktop.ini moved successfully.
    C:\Documents and Settings\Derek Fulford\Desktop\My Documents Desktop 1998\Work\desktop.ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Derek Fulford
    ->Temp folder emptied: 2244751 bytes
    ->Temporary Internet Files folder emptied: 26200832 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 611 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34608 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Derek Fulford
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04062011_003608

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF22F6.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF230B.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2336.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2343.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2425.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2427.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF245A.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2574.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF26CB.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF26F2.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF270C.tmp not found!
    File\Folder C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DF2726.tmp not found!
    C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DFB286.tmp moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temp\~DFB2C5.tmp moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\QDK3RG3J\partner[1].htm moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\KPJJNND7\topic163363-2[1].html moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\IDF1VCR7\918[4].htm moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\IDF1VCR7\CheckCookie[1].htm moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\IDF1VCR7\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\IDF1VCR7\Rtd3I2clVKSHNFMmI1czhBQnhyQQRuX2dwcwMwBG5fdnBzAzAEb3JpZ2luA3NycARxdWVyeQN3aGF0IGlzIGRlc2t0b3AuaW5pIFdpbjMyL1ZCLk5FSSB3b3JtBHNhbwMxBHZ0ZXN0aWQDSDQ2Ng--[1].htm moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\Content.IE5\IDF1VCR7\sh37[1].html moved successfully.
    C:\Documents and Settings\Derek Fulford\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You did fine.

    Whenever ready....
     
  24. rachelb26

    rachelb26 TS Rookie Topic Starter Posts: 23

    Broni,

    Thank you! Thank you! Thank you for all of your help! I am truly grateful!
    Thanks for everything you do to help others! Truly amazing!
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're very welcome

    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
