Inactive No option for System Restore

Discussion in 'Malware and Virus Removal Archive' started by Jeremie, 2011/01/06.

Thread Status:
Not open for further replies.
  1. 2011/01/06
    Jeremie Inactive Thread Starter

    [Inactive] No option for System Restore

    I had the Windows blue screen virus on my computer a long time ago. I thought I removed all of it, until now, when I turn the computer on and it restarts about 10 times. When I checked the Event Viewer, the errors stated that "The System Restore initialization process failed." When I went to adjust System Restore I got another message: "System Restore is not able to protect your computer. Restart your computer and run System restore again."

    I have all the logs that you need; please let me know how you want me to send them.

    Thanks
     
  2. 2011/01/06
    broni Moderator Malware Analyst

    Welcome aboard :)

    Please, read this post, then post the requested log(s).

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2011/01/07
    Jeremie Inactive Thread Starter

    Dds

    The logs are very large for one post, so I will post each of them separately.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Gregg at 22:30:29.44 on Thu 01/06/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1211 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\sgvrfy32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Documents and Settings\Gregg\Local Settings\Temporary Internet Files\Content.IE5\ZH3PSVNX\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?ilc=1
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [PmUaMonitor] "c:\program files\common files\pmgsoftware\esd\PM.Deployment.EsdServiceMonitor.exe "
    mRun: [<NO NAME>]
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://dell.webex.com/client/T26L/support/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5930/mcfscan.cab
    TCP: {4F71E4B8-AAF8-4B97-B112-FE776CA407C4} = 192.168.2.4,167.206.3.154
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: Winipdat - {A3DE4317-A8FB-446A-BFF2-1C927989C582} - c:\windows\system32\vdorctrl.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-12-26 47640]
    R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-5-25 196912]
    R2 System Event Dispatcher;System Event Dispatcher;c:\windows\system32\sgvrfy32.exe [2004-8-4 688128]
    R2 Update Agent;Practice Manager Update Agent;c:\program files\common files\pmgsoftware\esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    S1 okkqggrg;okkqggrg;\??\c:\windows\system32\drivers\okkqggrg.sys --> c:\windows\system32\drivers\okkqggrg.sys [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]
    S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 Usbsvcb;Usbsvcb; [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-16 11520]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-29 24652]
    S4 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
    S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

    =============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile= "%1" %*

    =============== Created Last 30 ================

    2011-01-06 03:31:22 709456 ----a-w- c:\windows\isRS-000.tmp
    2011-01-06 03:30:39 -------- d-----w- c:\docume~1\gregg\applic~1\Malwarebytes
    2011-01-06 00:58:33 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-06 00:58:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-30 04:19:40 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-30 04:19:06 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2010-12-13 16:35:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-12-13 16:35:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-13 16:35:48 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-13 16:35:48 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2007-09-04 14:11:47 3378248 -c--a-w- c:\program files\LimeWireWin.exe

    ============= FINISH: 22:31:01.47 ===============
     
  5. 2011/01/07
    Jeremie Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/21/2007 4:51:31 PM
    System Uptime: 1/5/2011 10:32:48 PM (24 hours ago)

    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2004/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 45.077 GiB free.
    D: is Removable
    E: is CDROM (CDFS)
    S: is NetworkDisk (NTFS) - 105 GiB total, 100.976 GiB free.
    Z: is NetworkDisk (NTFS) - 40 GiB total, 8.045 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2570
    2570_Help
    2570Trb
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Athlon 64 Processor Driver
    avast! Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
    BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
    BlackBerry® Media Sync
    Bonjour
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Connect
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Dell Resource CD
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    DVD Flick 1.3.0.7
    Easy TimeBill & Trust Accounting
    eFax Messenger
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Google Updater
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    HPSSupply
    ImgBurn
    IMM4 VCM Codec 1.0.0.10
    InstantShareDevices
    InstantShareDevicesMFC
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 5
    Junk Mail filter update
    kuler
    LogMeIn
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.0.19)
    MSN
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB933579)
    NewCopy_CDA
    Nitro PDF Reader
    NodEnabler 3.4.1
    Nucleus Kernel DBF Recovery ver 5.01
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PDF Settings CS4
    PhotoGallery
    Photoshop Camera Raw
    Practice Manager 10 Workstation
    Practice Manager n-tier Framework Client
    Practice Manager PM Purger Client Adapter
    Practice Manager Update Agent
    PrimoPDF -- by Nitro PDF Software
    ProductContextNPI
    QuickTime
    RandMap
    Readme
    RealPlayer
    RegVac Registry Cleaner 5.01 (Trial Version)
    RemoteAgent
    RocketDock 1.3.5
    Roxio DLA
    Roxio Media Manager
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    Saga Practice Manager and Plugins
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shop for HP Supplies
    SigmaTel Audio
    SkinsHP1
    SlideShow
    SolutionCenter
    Sonic Update Manager
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Status
    Suite Shared Configuration CS4
    Support Tools Web Package : NETDIAG.EXE
    System Requirements Lab
    Toolbox
    TrayApp
    UBCD4Win 3.50
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Viewpoint Media Player
    ViGlance
    WD SmartWare
    Web Camera Control
    WebEx
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    winpcap-nmap 4.02
    WinPcap 4.0.2
    WinRAR archiver
    WinZip 11.2
    Wireshark 1.0.8

    ==== Event Viewer Messages From Past Week ========

    1/6/2011 12:12:00 AM, error: NETLOGON [5719] - No Domain Controller is available for domain LATRONICA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/5/2011 9:47:44 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a25c020, parameter3 8a25c194, parameter4 805c8c7c.
    1/5/2011 12:56:51 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a2bdb88, parameter3 8a2bdcfc, parameter4 805c8c7c.
    1/5/2011 12:52:29 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a2bcda0, parameter3 8a2bcf14, parameter4 805c8c7c.
    1/5/2011 10:20:08 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The Practice Manager Update Agent service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The NitroPDFReaderDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2011 10:20:07 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/5/2011 10:20:07 PM, error: Service Control Manager [7031] - The System Event Dispatcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/5/2011 10:20:07 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/5/2011 1:48:11 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a378da0, parameter3 8a378f14, parameter4 805c8c7c.
    1/5/2011 1:26:28 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a2a5020, parameter3 8a2a5194, parameter4 805c8c7c.
    1/5/2011 1:22:09 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a2a9200, parameter3 8a2a9374, parameter4 805c8c7c.
    1/5/2011 1:18:00 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a255910, parameter3 8a255a84, parameter4 805c8c7c.
    1/5/2011 1:13:52 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a35aa50, parameter3 8a35abc4, parameter4 805c8c7c.
    1/5/2011 1:09:39 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a31a020, parameter3 8a31a194, parameter4 805c8c7c.
    1/5/2011 1:05:27 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a378020, parameter3 8a378194, parameter4 805c8c7c.
    1/4/2011 9:35:04 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a2a59e0, parameter3 8a2a5b54, parameter4 805c8c7c.
    1/4/2011 9:30:53 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a020340, parameter3 8a0204b4, parameter4 805c8c7c.
    1/4/2011 9:26:46 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a3413e8, parameter3 8a34155c, parameter4 805c8c7c.
    1/4/2011 9:24:26 AM, error: SRService [104] - The System Restore initialization process failed.
    1/4/2011 9:24:26 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    1/4/2011 9:24:26 AM, error: Service Control Manager [7000] - The System Restore Filter Driver service failed to start due to the following error: The filename, directory name, or volume label syntax is incorrect.
    1/4/2011 9:24:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sr
    1/4/2011 9:23:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    1/3/2011 10:51:52 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a35b898, parameter3 8a35ba0c, parameter4 805c8c7c.
    1/3/2011 10:47:48 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a380b10, parameter3 8a380c84, parameter4 805c8c7c.

    ==== End Of File ===========================
     
  6. 2011/01/07
    Jeremie

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0204001c

    Kernel Drivers (total 141):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EEB000 fltmgr.sys
    0xB9ED5000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9EBE000 KSecDD.sys
    0xB9EAB000 WudfPf.sys
    0xB9E1E000 Ntfs.sys
    0xB9DF1000 NDIS.sys
    0xB9DD7000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xB9258000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB9244000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA430000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB9220000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA5DC000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xBA158000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB91FD000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA440000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB91D5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA6A1000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xBA6A2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB91BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB91AD000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xB917D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5DE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB911F000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DB3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8FE4000 \SystemRoot\system32\drivers\sthda.sys
    0xB8FC0000 \SystemRoot\system32\drivers\portcls.sys
    0xBA1D8000 \SystemRoot\system32\drivers\drmk.sys
    0xBA1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA208000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA5EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA777000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5F0000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA4A0000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xBA4A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA4B0000 \SystemRoot\System32\drivers\vga.sys
    0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA360000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA368000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA544000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB6745000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB66EC000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA228000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB6659000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB6631000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB660F000 \SystemRoot\System32\drivers\afd.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB65E4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB6574000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA258000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA378000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB57D3000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xBA318000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA570000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xBA3A8000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xBA3B0000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xBA3C0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB96AF000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xBA578000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xBA584000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB966F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB9117000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB9113000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA218000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB55CC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA602000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB5796000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA408000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7DB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB6798000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBA2D8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA72F000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xB4836000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xB678C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xBA608000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBA420000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xB481E000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xB4808000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xB4804000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB4661000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB44A4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB446B000 \SystemRoot\System32\Drivers\adfs.SYS
    0xB4323000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA5C8000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xB4403000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xB4413000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB4040000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB336D000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA3F0000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xB56EF000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xB3142000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xB2FBF000 \??\C:\DOCUME~1\Gregg\LOCALS~1\Temp\axldypow.sys
    0xB2F9B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB3285000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xBF45C000 \SystemRoot\System32\lmimirr.dll
    0xBF461000 \SystemRoot\System32\lmimirr2.dll
    0xB1CA0000 \SystemRoot\system32\drivers\kmixer.sys
    0xBA410000 \??\C:\DOCUME~1\Gregg\LOCALS~1\Temp\mbr.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    696 csrss.exe
    720 C:\WINDOWS\system32\winlogon.exe
    764 C:\WINDOWS\system32\services.exe
    776 C:\WINDOWS\system32\lsass.exe
    956 C:\WINDOWS\system32\svchost.exe
    1032 svchost.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1276 svchost.exe
    1336 svchost.exe
    1476 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1720 C:\WINDOWS\system32\spoolsv.exe
    1864 svchost.exe
    1920 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1944 C:\Program Files\Bonjour\mDNSResponder.exe
    124 C:\Program Files\Java\jre6\bin\jqs.exe
    492 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    516 C:\Program Files\LogMeIn\x86\ramaint.exe
    568 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1072 C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    1092 C:\WINDOWS\system32\nvsvc32.exe
    1112 C:\WINDOWS\system32\HPZipm12.exe
    320 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    384 C:\WINDOWS\system32\svchost.exe
    444 C:\WINDOWS\system32\sgvrfy32.exe
    528 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    664 C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    1984 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2932 C:\WINDOWS\explorer.exe
    3200 C:\WINDOWS\stsystra.exe
    3208 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3300 C:\Program Files\iTunes\iTunesHelper.exe
    3308 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3320 C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    3368 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    3392 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3400 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3456 C:\WINDOWS\system32\ctfmon.exe
    2384 C:\Program Files\iPod\bin\iPodService.exe
    2664 alg.exe
    3292 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1760 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    2224 C:\WINDOWS\system32\notepad.exe
    2608 C:\WINDOWS\system32\wuauclt.exe
    2056 C:\Program Files\Internet Explorer\iexplore.exe
    2300 C:\Program Files\Internet Explorer\iexplore.exe
    2636 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    2332 C:\Documents and Settings\Gregg\Local Settings\Temporary Internet Files\Content.IE5\1TID5RTJ\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD080HJ/P, Rev: ZH100-34

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. 2011/01/07
    Jeremie

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5467

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/5/2011 10:42:40 PM
    mbam-log-2011-01-05 (22-42-40).txt

    Scan type: Quick scan
    Objects scanned: 200447
    Time elapsed: 5 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. 2011/01/07
    Jeremie

    part 1 of GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-06 10:37:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
    Running: hhvl3v5k.exe; Driver: C:\DOCUME~1\Gregg\LOCALS~1\Temp\axldypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB57DBCF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB57DBBAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB57DC160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB57DC08A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB57DB782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB57DBC86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB57DB6C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB57DB726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB57DBDA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB57DC22E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB57DBD66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB57DBEE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB57E8BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB57E89D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB57E8B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP B57E8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP B57E89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP B57E45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP B57E5FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B57E8BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9258360, 0x2456AE, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1476] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\Explorer.EXE[2932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0349E15C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0349D56C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0349D7DC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 0349DA4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 034BCEAC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 0349DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 034C140C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 034BD06C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 0349CC6C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 0349CA7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[2932] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 0349CB3C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 0349CD0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0349339C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0349329C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSAStringToAddressW 71AB281E 7 Bytes JMP 034BD8EC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 034C1D4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 034BD52C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 034C165C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 034C3BDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!send 71AB4C27 5 Bytes JMP 034C1A7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 034C265C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 034C181C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!recv 71AB676F 5 Bytes JMP 034C202C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 034C23AC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 034BD72C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSAStringToAddressA 71AB9765 7 Bytes JMP 034BD80C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 034C171C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 034BDCDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 034BDBBC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\Explorer.EXE[2932] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 034BDB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1004E15C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1004D56C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1004D7DC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 1004DA4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 1006CEAC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 1004DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1007140C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1006D06C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 1004CC6C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1004CA7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1004CB3C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 1004CD0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] WS2_32.dll!WSAStringToAddressW 71AB281E 7 Bytes JMP 1006D8EC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10071D4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 1006D52C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe[3120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 1007165C C:\WINDOWS\system32\svrltmgr.dll
     
  9. 2011/01/07
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    GMER 2
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSAStringToAddressW 71AB281E 7 Bytes JMP 1006D8EC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10071D4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 1006D52C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 1007165C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10073BDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10071A7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 1007265C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 1007181C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1007202C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100723AC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 1006D72C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSAStringToAddressA 71AB9765 7 Bytes JMP 1006D80C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 1007171C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 1006DCDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 1006DBBC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 1006DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1007140C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1006D06C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 1004CC6C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1004CA7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1004CB3C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 1004CD0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1004339C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 1004329C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1004E15C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1004D56C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1004D7DC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 1004DA4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 1006CEAC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 1004DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1007140C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1006D06C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 1004CC6C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1004CA7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
    .text C:\WINDOWS\system32\ctfmon.exe[3456] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1004CB3C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 1004CD0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1004339C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 1004329C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSAStringToAddressW 71AB281E 7 Bytes JMP 1006D8EC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10071D4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 1006D52C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 1007165C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10073BDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10071A7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 1007265C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 1007181C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1007202C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100723AC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 1006D72C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSAStringToAddressA 71AB9765 7 Bytes JMP 1006D80C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 1007171C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 1006DCDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 1006DBBC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 1006DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1004E15C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1004D56C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1004D7DC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 1004DA4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 1006CEAC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 1004DB0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1007140C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 1006D06C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 1004CC6C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1004CA7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1004CB3C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 1004CD0C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1004339C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 1004329C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSAStringToAddressW 71AB281E 7 Bytes JMP 1006D8EC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10071D4C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 1006D52C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 1007165C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10073BDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10071A7C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 1007265C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 1007181C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!recv 71AB676F 5 Bytes JMP 1007202C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100723AC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 1006D72C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSAStringToAddressA 71AB9765 7 Bytes JMP 1006D80C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 1007171C C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 1006DCDC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 1006DBBC C:\WINDOWS\system32\svrltmgr.dll
    .text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[4016] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 1006DB0C C:\WINDOWS\system32\svrltmgr.dll

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat B2FA2D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    ---- Processes - GMER 1.0.15 ----

    Library C:\WINDOWS\system32\sgvrfy32.exe (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [444] 0x00400000
    Library C:\WINDOWS\system32\vdorctrl.dll (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [444] 0x10000000
    Library C:\WINDOWS\system32\cmproxfr.dll (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [444] 0x01130000
    Library C:\WINDOWS\system32\vdorctrl.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2932] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2932] 0x03450000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe [3120] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\stsystra.exe [3200] 0x00D50000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\System32\DLA\DLACTRLW.EXE [3208] 0x009C0000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3300] 0x00E00000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [3308] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe [3320] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [3368] 0x00D40000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jusched.exe [3392] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast5\avastUI.exe [3400] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3456] 0x10000000
    Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [4016] 0x10000000
    Library C:\WINDOWS\system32\winipdat\winipdll\svrltwp.dll (*** hidden *** ) @ C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [4016] 0x05CE0000

    ---- EOF - GMER 1.0.15 ----
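A triage sketch for the GMER log above, added here as an example and not part of the original thread: it groups the inline `.text` hooks by the module that owns the JMP destination and cross-checks that module against the `*** hidden ***` library list. The function names and regular expressions are this example's own; the embedded log lines are copied from the post above.

```python
import re
from collections import defaultdict

# Lines excerpted from the GMER 1.0.15 log in the post above
# (leading indentation removed, nothing else changed).
SAMPLE_LOG = r"""
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3392] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10073BDC C:\WINDOWS\system32\svrltmgr.dll
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1004D56C C:\WINDOWS\system32\svrltmgr.dll
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 1007140C C:\WINDOWS\system32\svrltmgr.dll
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!CreateDCW 77F1BE38 1 Byte [E9]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3400] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1004CB3C C:\WINDOWS\system32\svrltmgr.dll
.text C:\WINDOWS\system32\ctfmon.exe[3456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10071A7C C:\WINDOWS\system32\svrltmgr.dll
IAT C:\WINDOWS\system32\services.exe[764] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast5\avastUI.exe [3400] 0x10000000
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3456] 0x10000000
Library C:\WINDOWS\system32\vdorctrl.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2932] 0x10000000
"""

# ".text <process>[pid] <dll>!<function> <address> <n> Byte(s) <patch>"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"\d+ Bytes?\s+(?P<patch>.+)$"
)
# Patch of the form "JMP <destination> <module owning the destination>"
JMP_RE = re.compile(r"^JMP\s+[0-9A-F]{8}\s+(?P<owner>\S.*)$")
# "Library <path> (*** hidden *** ) @ <process> [pid] 0x<base>"
HIDDEN_RE = re.compile(
    r"^Library\s+(?P<lib>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+0x[0-9A-Fa-f]+$"
)


def parse_gmer(text):
    """Split GMER user-mode output into inline hooks, hidden libraries, and the rest."""
    hooks, hidden, unparsed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section banners
        m = INLINE_RE.match(line)
        if m:
            j = JMP_RE.match(m["patch"])
            hooks.append({
                "pid": int(m["pid"]),
                "dll": m["dll"].lower(),
                "func": m["func"],
                # None: patch bytes listed without a resolved destination module
                "owner": j["owner"].lower() if j else None,
            })
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append({"lib": m["lib"].lower(), "pid": int(m["pid"])})
            continue
        unparsed.append(line)  # e.g. IAT entries, device lines
    return hooks, hidden, unparsed


def summarize(text):
    """Group hooks by owning module; report which owners GMER also lists as hidden."""
    hooks, hidden, unparsed = parse_gmer(text)
    hidden_libs = {h["lib"] for h in hidden}
    by_owner = defaultdict(lambda: {"pids": set(), "apis": defaultdict(set)})
    for h in hooks:
        if h["owner"] is None:
            continue
        by_owner[h["owner"]]["pids"].add(h["pid"])
        by_owner[h["owner"]]["apis"][h["dll"]].add(h["func"])
    report = {
        owner: {
            "processes_hooked": len(e["pids"]),
            "apis_by_dll": {d: sorted(f) for d, f in sorted(e["apis"].items())},
            "also_hidden": owner in hidden_libs,
        }
        for owner, e in by_owner.items()
    }
    # Hidden libraries that own no inline hook still deserve a look.
    hidden_only = sorted(hidden_libs - set(report))
    return report, hidden_only, unparsed


if __name__ == "__main__":
    report, hidden_only, unparsed = summarize(SAMPLE_LOG)
    for owner, info in report.items():
        print(owner, info)
    print("hidden, no inline hooks:", hidden_only)
    print("lines left for manual review:", len(unparsed))
```

Run over the full log, a single module that owns hooks in many unrelated processes and is also listed as hidden is the entry to review first; lines the parser does not recognise are returned rather than dropped.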
     
  10. 2011/01/07
    Jeremie

    Some of my posts are waiting to be approved by the moderator.
     
  11. 2011/01/07
    broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2011/01/08
    Jeremie

    Combofix will not run in normal mode. Error regarding an AVG installation. I had avast installed but I uninstalled it via appremover prog. Still had the same issue. Tried suggestions in safe mode, I get the same message. "Combofix can not run when AVG is installed..."

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/08/2011 at 14:55:48.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 01/08/2011 at 14:55:54.
     
  13. 2011/01/08
    Jeremie

    This is the rkill log in normal mode.
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/08/2011 at 15:07:49.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe


    Rkill completed on 01/08/2011 at 15:08:06.
     
  14. 2011/01/08
    broni

    Let's see where AVG is hiding....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2011/01/08
    Jeremie

    OTL logfile created on: 1/8/2011 9:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Gregg\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.21 Gb Total Space | 49.93 Gb Free Space | 70.11% Space Free | Partition Type: NTFS
    Drive E: | 5.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 105.44 Gb Total Space | 100.97 Gb Free Space | 95.76% Space Free | Partition Type: NTFS
    Drive Z: | 40.00 Gb Total Space | 8.04 Gb Free Space | 20.10% Space Free | Partition Type: NTFS

    Computer Name: JEREMIE | User Name: Gregg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/08 21:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTL.exe
    PRC - [2010/12/13 11:36:02 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/13 11:35:48 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/05/25 11:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/12/08 20:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/13 19:12:10 | 000,688,128 | ---- | M] () -- C:\WINDOWS\System32\sgvrfy32.exe
    PRC - [2007/11/23 11:47:36 | 000,061,440 | ---- | M] (Practice Manager Group, LLC) -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/11/07 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/01/08 21:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 19:12:10 | 001,372,160 | ---- | M] () -- C:\WINDOWS\System32\svrltmgr.dll
    MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
    MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/13 11:36:02 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/13 11:35:48 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/05/25 11:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
    SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/02/13 16:38:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/04/13 19:12:10 | 000,688,128 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\sgvrfy32.exe -- (System Event Dispatcher)
    SRV - [2007/11/23 11:47:36 | 000,061,440 | ---- | M] (Practice Manager Group, LLC) [Auto | Running] -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe -- (Update Agent)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\okkqggrg.sys -- (okkqggrg)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GenericMount.sys -- (GenericMount)
    DRV - [2010/12/13 11:35:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/05/31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/05/31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/06/12 08:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2006/08/23 12:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 02:13:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 12:11:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 13:48:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2011/01/05 19:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 08:29:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/07 14:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/05 19:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/08/12 11:14:22 | 000,322,071 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 11035 more lines...
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PmUaMonitor] C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe (Practice Manager Group, LLC)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} http://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe (InstallShield Setup Player V12)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} http://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB (PMRequirementsChecker Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://dell.webex.com/client/T26L/support/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5930/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Latronica.com
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: Winipdat - {A3DE4317-A8FB-446A-BFF2-1C927989C582} - C:\WINDOWS\System32\vdorctrl.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.imm4 - C:\WINDOWS\System32\vcmimm4.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Unable to start service SrService!

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/08 21:49:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTL.exe
    [2011/01/08 13:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/05 22:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gregg\Application Data\Malwarebytes
    [2011/01/05 22:19:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\TFC.exe
    [2007/09/04 09:11:41 | 003,378,248 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
    [1996/11/12 21:25:44 | 000,018,944 | R--- | C] ( ) -- C:\WINDOWS\System32\implode.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/08 21:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTL.exe
    [2011/01/08 21:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/01/08 21:25:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-602162358-725345543-1003UA.job
    [2011/01/08 21:12:04 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790384558-2054425275-2914615486-1111UA.job
    [2011/01/08 17:12:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790384558-2054425275-2914615486-1111Core.job
    [2011/01/08 15:07:25 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/01/08 15:07:21 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\XrayMyPC.job
    [2011/01/08 15:05:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/08 15:00:29 | 004,013,049 | R--- | M] () -- C:\Documents and Settings\Gregg\Desktop\ComboFix.exe
    [2011/01/08 14:38:43 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\rkill.exe
    [2011/01/08 14:24:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/01/08 13:28:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/08 13:26:16 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/01/07 14:25:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-602162358-725345543-1003Core.job
    [2011/01/06 11:25:21 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\Microsoft Office Word 2007.lnk
    [2011/01/05 22:59:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe
    [2011/01/05 22:19:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\TFC.exe
    [2011/01/05 22:15:17 | 000,976,273 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\tempCleaner_3.0.4.exe.zip
    [2010/12/30 11:41:56 | 002,290,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/29 23:27:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/29 23:18:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/12/21 16:38:35 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\Microsoft Office Excel 2007.lnk
    [2010/12/13 11:35:48 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2010/12/13 11:35:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2010/12/13 11:35:48 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

    ========== Files Created - No Company Name ==========

    [2011/01/08 15:00:19 | 004,013,049 | R--- | C] () -- C:\Documents and Settings\Gregg\Desktop\ComboFix.exe
    [2011/01/08 14:38:42 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\rkill.exe
    [2011/01/05 22:59:33 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe
    [2011/01/05 22:15:15 | 000,976,273 | ---- | C] () -- C:\Documents and Settings\Gregg\Desktop\tempCleaner_3.0.4.exe.zip
    [2010/12/21 23:32:20 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Gregg\uninstall.log
    [2010/12/21 23:30:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/16 13:11:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25store.dll
    [2010/08/16 12:26:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Gregg\Local Settings\Application Data\fusioncache.dat
    [2010/07/15 20:50:01 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gregg\Local Settings\Application Data\keyfile3.drm
    [2010/03/23 16:01:42 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2009/12/23 11:18:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
    [2009/09/04 12:03:41 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2009/09/04 12:03:15 | 000,007,103 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/08/12 12:44:08 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2008/07/21 10:12:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/11/28 14:34:35 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/26 11:34:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ftk.INI
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/10/19 15:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/09/05 12:39:55 | 000,000,174 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/08/30 11:01:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DTO2KXSV.INI
    [2007/08/23 12:09:24 | 000,002,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/08/23 12:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2007/08/21 16:25:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/08/21 15:54:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/08/21 15:54:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/08/21 15:54:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/08/21 15:54:42 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/08/21 15:54:41 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/08/21 15:54:41 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2007/08/21 15:54:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2007/08/21 11:41:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/04 07:00:00 | 001,372,160 | ---- | C] () -- C:\WINDOWS\System32\svrltmgr.dll
    [2004/08/04 07:00:00 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vdorctrl.dll
    [2004/08/04 07:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\cmproxfr.dll
    [2004/08/04 07:00:00 | 000,176,509 | ---- | C] () -- C:\WINDOWS\System32\wzodlg32.dll
    [2004/08/04 07:00:00 | 000,044,686 | ---- | C] () -- C:\WINDOWS\System32\mzsyk32.dll
    [2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000059.DLL
    [2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/03/16 15:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
    [2009/07/22 12:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2010/02/04 15:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/19 15:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2011/01/08 12:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/03/19 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2007/11/29 11:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaWidget
    [2010/06/01 10:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2010/01/20 11:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/03 15:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/21 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/02/29 11:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/12/16 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2008/07/09 15:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/16 10:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/07/03 12:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
    [2010/04/07 09:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 14:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/22 09:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/09/23 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gregg\Application Data\webex
    [2011/01/08 15:07:21 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\XrayMyPC.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/07 14:04:03 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/08 14:24:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/08/21 15:49:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/02/29 11:27:03 | 000,000,445 | -H-- | M] () -- C:\IPH.PH
    [2009/06/15 18:00:47 | 000,302,080 | ---- | M] () -- C:\MASTER CLIENT PI-2009.xls
    [2010/02/08 14:04:52 | 000,179,200 | ---- | M] () -- C:\MASTER CLIENT PI-2010.xls
    [2007/08/21 15:49:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/28 08:24:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/08 15:05:15 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/08 15:08:06 | 000,000,687 | ---- | M] () -- C:\rkill.log
    [2009/07/28 10:24:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/04/02 16:23:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/04/06 10:06:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/04/06 10:10:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/04/07 18:04:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/04/08 18:21:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/04/09 18:01:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/04/10 17:12:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/04/15 18:12:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/04/27 14:25:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/05/04 11:15:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/05/15 12:38:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/06/19 22:24:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/07/21 18:40:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/07/24 14:08:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/07/24 14:34:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/07/27 12:35:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/07/27 15:17:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/07/27 15:38:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/07/28 09:50:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/07/28 10:24:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/04/02 16:23:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/04/06 10:06:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/04/06 10:10:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/04/07 18:04:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/04/08 18:21:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/04/09 18:01:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/04/10 17:12:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/04/15 18:12:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/04/27 14:25:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/05/04 11:15:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/05/15 12:38:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/06/19 22:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/07/21 18:40:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/07/24 14:08:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/07/24 14:34:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/07/27 12:35:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/07/27 15:16:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/07/27 15:38:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/07/28 09:50:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 02:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2007/08/21 15:48:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2010/12/13 11:35:48 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/09/04 09:11:47 | 003,378,248 | ---- | M] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/08/21 11:40:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/08/21 11:40:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/08/21 11:40:17 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/28 08:29:39 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/15 20:40:23 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Gregg\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/07/15 20:40:23 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gregg\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/08 15:00:29 | 004,013,049 | R--- | M] () -- C:\Documents and Settings\Gregg\Desktop\ComboFix.exe
    [2011/01/05 22:59:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\hhvl3v5k.exe
    [2011/01/08 21:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\OTL.exe
    [2011/01/08 14:38:43 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Gregg\Desktop\rkill.exe
    [2011/01/05 22:19:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gregg\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/07/15 20:40:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Gregg\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/15 20:27:50 | 000,002,958 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/08 21:49:42 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Gregg\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/07/10 00:05:02 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\Installer\BBMediaSyncUninstall.exe
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2009/12/23 11:41:37 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  16. 2011/01/08
    Jeremie Inactive Thread Starter

    OTL Extras logfile created on: 1/8/2011 9:51:02 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Gregg\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.21 Gb Total Space | 49.93 Gb Free Space | 70.11% Space Free | Partition Type: NTFS
    Drive E: | 5.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 105.44 Gb Total Space | 100.97 Gb Free Space | 95.76% Space Free | Partition Type: NTFS
    Drive Z: | 40.00 Gb Total Space | 8.04 Gb Free Space | 20.10% Space Free | Partition Type: NTFS

    Computer Name: JEREMIE | User Name: Gregg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\hp\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\hp\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    "C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0450E41A-3E63-4097-AF92-77CABA662EDB}" = 2570
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{12370B3C-934A-4D4B-AE86-A77EC42C42B9}" = 2570Trb
    "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{21DB7C30-A170-4C51-B39E-EDC55E0836D4}" = Practice Manager PM Purger Client Adapter
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{31D2ADFD-A2E2-47D0-AA6E-1343FA52BF7C}" = Support Tools Web Package : NETDIAG.EXE
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{37566D8F-0EA4-46EF-8858-973FF21853B6}" = Nitro PDF Reader
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4921C01E-39B8-41FD-AF70-5E4765E22FE7}" = 2570_Help
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D548014-F727-4B5D-8C6C-E1744760EE12}" = Easy TimeBill & Trust Accounting
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84834762-4259-4213-8EE3-91481F05BC19}" = Web Camera Control
    "{8794D346-9534-421A-A4DA-BD386D9341A6}" = RemoteAgent
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B0AC146D-2ABE-4D9D-AF25-798734CE4292}" = Practice Manager Update Agent
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B35DB336-C7AA-4B4E-B3F5-2D4B0361603C}" = Practice Manager 10 Workstation
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BADA4CD0-ECA5-11D4-8561-00A0C9720C2C}" = Saga Practice Manager and Plugins
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C83A7BC5-CA10-4C9E-8FB0-7D33B2EDAEFB}" = Practice Manager n-tier Framework Client
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEE41301-74D3-4AB3-829B-BF66D9CBC586}" = BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E896DA69-F993-440E-8515-EB197EFB284F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "IMM4 Codec_is1" = IMM4 VCM Codec 1.0.0.10
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NodEnabler" = NodEnabler 3.4.1
    "Nucleus Kernel DBF Recovery(Evaluation Copy)_is1" = Nucleus Kernel DBF Recovery ver 5.01
    "NVIDIA Drivers" = NVIDIA Drivers
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "RealPlayer 6.0" = RealPlayer
    "RegVac Registry Cleaner (Trial Version)_is1" = RegVac Registry Cleaner 5.01 (Trial Version)
    "RocketDock_is1" = RocketDock 1.3.5
    "Shop for HP Supplies" = Shop for HP Supplies
    "SystemRequirementsLab" = System Requirements Lab
    "UBCD4Win_is1" = UBCD4Win 3.50
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "ViGlance" = ViGlance
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.0.2
    "winpcap-nmap" = winpcap-nmap 4.02
    "WinRAR archiver" = WinRAR archiver
    "Wireshark" = Wireshark 1.0.8
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/29/2010 11:12:17 AM | Computer Name = JEREMIE | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 12.0.6539.5000, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/7/2010 3:04:07 PM | Computer Name = JEREMIE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/7/2010 3:04:07 PM | Computer Name = JEREMIE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/7/2010 3:04:07 PM | Computer Name = JEREMIE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 11/7/2010 3:04:07 PM | Computer Name = JEREMIE | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/5/2011 8:52:39 PM | Computer Name = JEREMIE | Source = MsiInstaller | ID = 11500
    Description = Product: Java(TM) 6 Update 23 -- Error 1500.Another installation is
    in progress. You must complete that installation before continuing this one.

    Error - 1/5/2011 8:52:39 PM | Computer Name = JEREMIE | Source = MsiInstaller | ID = 11500
    Description = Product: Java(TM) 6 Update 23 -- Error 1500.Another installation is
    in progress. You must complete that installation before continuing this one.

    Error - 1/5/2011 8:52:41 PM | Computer Name = JEREMIE | Source = MsiInstaller | ID = 11500
    Description = Product: Java(TM) 6 Update 23 -- Error 1500.Another installation is
    in progress. You must complete that installation before continuing this one.

    Error - 1/6/2011 7:32:51 AM | Computer Name = JEREMIE | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 1/8/2011 2:27:06 PM | Computer Name = JEREMIE | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    [ OSession Events ]
    Error - 4/2/2010 2:59:05 PM | Computer Name = JEREMIE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8816
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 7/14/2010 7:23:48 PM | Computer Name = JEREMIE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/14/2010 7:27:14 PM | Computer Name = JEREMIE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/8/2011 4:04:29 PM | Computer Name = JEREMIE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/8/2011 4:06:48 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7023
    Description = The Google Software Updater service terminated with the following
    error: %%2147942402

    Error - 1/8/2011 4:06:48 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 1/8/2011 4:07:41 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sr

    Error - 1/8/2011 4:07:41 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7000
    Description = The System Restore Filter Driver service failed to start due to the
    following error: %%123

    Error - 1/8/2011 4:07:41 PM | Computer Name = JEREMIE | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 1/8/2011 4:07:41 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 1/8/2011 10:51:22 PM | Computer Name = JEREMIE | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 1/8/2011 10:51:22 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7000
    Description = The System Restore Filter Driver service failed to start due to the
    following error: %%123

    Error - 1/8/2011 10:51:22 PM | Computer Name = JEREMIE | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  17. 2011/01/08
    Jeremie

    I ran the scan on another profile just in case.

    OTL logfile created on: 1/8/2011 10:12:29 PM - Run 2
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Jeremie.LATRONICA\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.21 Gb Total Space | 49.85 Gb Free Space | 70.01% Space Free | Partition Type: NTFS
    Drive E: | 5.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Z: | 40.00 Gb Total Space | 8.04 Gb Free Space | 20.10% Space Free | Partition Type: NTFS

    Computer Name: JEREMIE | User Name: Jeremie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/08 22:12:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\OTL.exe
    PRC - [2010/12/13 11:36:02 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/13 11:35:48 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/05/31 11:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2010/05/25 11:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    PRC - [2010/05/20 11:11:03 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/12/08 20:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/13 19:12:10 | 000,688,128 | ---- | M] () -- C:\WINDOWS\System32\sgvrfy32.exe
    PRC - [2007/11/23 11:47:36 | 000,221,184 | ---- | M] (Practice Manager Group, LLC) -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    PRC - [2007/11/23 11:47:36 | 000,061,440 | ---- | M] (Practice Manager Group, LLC) -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/11/07 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/01/08 22:12:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 19:12:10 | 001,372,160 | ---- | M] () -- C:\WINDOWS\System32\svrltmgr.dll
    MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
    MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/13 11:36:02 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/13 11:35:48 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/12/08 10:27:23 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/05/25 11:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
    SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/02/13 16:38:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/04/13 19:12:10 | 000,688,128 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\sgvrfy32.exe -- (System Event Dispatcher)
    SRV - [2007/11/23 11:47:36 | 000,061,440 | ---- | M] (Practice Manager Group, LLC) [Auto | Running] -- C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe -- (Update Agent)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\okkqggrg.sys -- (okkqggrg)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\GenericMount.sys -- (GenericMount)
    DRV - [2010/12/13 11:35:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/05/31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/05/31 11:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/06/12 08:46:40 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2006/08/23 12:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 73 BA 96 AA AF CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/11 02:13:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 12:11:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 13:48:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2009/12/10 12:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Mozilla\Extensions
    [2009/12/10 12:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2009/12/22 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Mozilla\Firefox\Profiles\ba49izbz.default\extensions
    [2009/12/09 14:08:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Mozilla\Firefox\Profiles\ba49izbz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/05 19:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 08:29:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/07 14:09:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/05 19:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/04/05 08:26:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/08/12 11:14:22 | 000,322,071 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 11035 more lines...
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PmUaMonitor] C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe (Practice Manager Group, LLC)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} http://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe (InstallShield Setup Player V12)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} http://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB (PMRequirementsChecker Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://dell.webex.com/client/T26L/support/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5930/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Latronica.com
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21 - SSODL: Winipdat - {A3DE4317-A8FB-446A-BFF2-1C927989C582} - C:\WINDOWS\System32\vdorctrl.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{9f0beb3c-17b2-11de-9bc5-00188b59c8d4}\Shell\AutoRun\command - " " = F:\autorun.bat -- File not found
    O33 - MountPoints2\{de23b5eb-f3c2-11de-9cbd-00188b59c8d4}\Shell - " " = AutoRun
    O33 - MountPoints2\{de23b5eb-f3c2-11de-9cbd-00188b59c8d4}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{de23b5eb-f3c2-11de-9cbd-00188b59c8d4}\Shell\AutoRun\command - " " = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{eb94b78e-ea69-11de-9cb3-00188b59c8d4}\Shell - " " = AutoRun
    O33 - MountPoints2\{eb94b78e-ea69-11de-9cb3-00188b59c8d4}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{eb94b78e-ea69-11de-9cb3-00188b59c8d4}\Shell\AutoRun\command - " " = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{fcbb32f3-6ff4-11df-9d36-00188b59c8d4}\Shell - " " = AutoRun
    O33 - MountPoints2\{fcbb32f3-6ff4-11df-9d36-00188b59c8d4}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{fcbb32f3-6ff4-11df-9d36-00188b59c8d4}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{fcbb32f4-6ff4-11df-9d36-00188b59c8d4}\Shell - " " = AutoRun
    O33 - MountPoints2\{fcbb32f4-6ff4-11df-9d36-00188b59c8d4}\Shell\AutoRun - " " = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.imm4 - C:\WINDOWS\System32\vcmimm4.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/08 22:11:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\OTL.exe
    [2011/01/08 22:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremie.LATRONICA\My Documents\Adobe Scripts
    [2011/01/08 13:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/04 23:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremie.LATRONICA\Local Settings\Application Data\LogMeIn
    [2007/09/04 09:11:41 | 003,378,248 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
    [1996/11/12 21:25:44 | 000,018,944 | R--- | C] ( ) -- C:\WINDOWS\System32\implode.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/08 22:12:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\OTL.exe
    [2011/01/08 22:12:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790384558-2054425275-2914615486-1111UA.job
    [2011/01/08 22:10:22 | 004,150,950 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\ComboFix.exe
    [2011/01/08 22:07:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/01/08 22:02:53 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/01/08 22:02:50 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\XrayMyPC.job
    [2011/01/08 21:55:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/01/08 21:25:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-602162358-725345543-1003UA.job
    [2011/01/08 17:12:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790384558-2054425275-2914615486-1111Core.job
    [2011/01/08 15:05:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/08 14:24:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2011/01/08 13:28:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/08 13:26:16 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/01/07 14:25:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-602162358-725345543-1003Core.job
    [2010/12/30 11:41:56 | 002,290,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/29 23:27:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/29 23:18:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/12/21 16:38:35 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\Microsoft Office Word 2007.lnk
    [2010/12/21 16:38:35 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\Microsoft Office Word 2007 (2).lnk
    [2010/12/21 16:38:35 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\Microsoft Office Excel 2007.lnk
    [2010/12/13 11:35:48 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2010/12/13 11:35:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2010/12/13 11:35:48 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

    ========== Files Created - No Company Name ==========

    [2011/01/08 22:10:15 | 004,150,950 | ---- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\ComboFix.exe
    [2010/12/21 23:30:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/16 13:11:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25store.dll
    [2010/03/23 16:01:42 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/02/03 18:19:15 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Local Settings\Application Data\keyfile3.drm
    [2010/01/29 14:40:57 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\wklnhst.dat
    [2009/12/23 11:18:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
    [2009/12/23 11:16:11 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/09 11:14:42 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\$_hpcst$.hpc
    [2009/12/08 14:16:49 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Jeremie.LATRONICA\Local Settings\Application Data\fusioncache.dat
    [2009/09/04 12:03:41 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2009/09/04 12:03:15 | 000,007,103 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/08/12 12:44:08 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
    [2008/07/21 10:12:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007/11/28 14:34:35 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/26 11:34:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ftk.INI
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2007/10/19 15:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/09/05 12:39:55 | 000,000,174 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/08/30 11:01:02 | 000,000,074 | ---- | C] () -- C:\WINDOWS\DTO2KXSV.INI
    [2007/08/23 12:09:24 | 000,002,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/08/23 12:07:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2007/08/21 16:25:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/08/21 15:54:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/08/21 15:54:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/08/21 15:54:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/08/21 15:54:42 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2007/08/21 15:54:41 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/08/21 15:54:41 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2007/08/21 15:54:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2007/08/21 11:41:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/04 07:00:00 | 001,372,160 | ---- | C] () -- C:\WINDOWS\System32\svrltmgr.dll
    [2004/08/04 07:00:00 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vdorctrl.dll
    [2004/08/04 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/04 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/04 07:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\cmproxfr.dll
    [2004/08/04 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/04 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/04 07:00:00 | 000,176,529 | ---- | C] () -- C:\WINDOWS\System32\wzodlg32.dll
    [2004/08/04 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2004/08/04 07:00:00 | 000,044,686 | ---- | C] () -- C:\WINDOWS\System32\mzsyk32.dll
    [2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000059.DLL
    [2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2010/03/16 15:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
    [2009/07/22 12:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2010/02/04 15:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/03/19 15:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2011/01/08 12:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/03/19 16:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2007/11/29 11:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaWidget
    [2010/06/01 10:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2010/01/20 11:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/03 15:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/11/21 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2008/02/29 11:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/12/16 15:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2008/07/09 15:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/03/16 10:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/07/03 12:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
    [2010/04/07 09:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 14:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/22 09:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/06/02 10:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Downloaded Installations
    [2010/02/04 15:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\ESET
    [2010/02/05 11:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\ImgBurn
    [2009/12/16 14:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Leadertech
    [2010/06/02 14:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\LimeWire
    [2010/06/01 10:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Nitro PDF
    [2010/05/10 14:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\PrimoPDF
    [2010/05/13 07:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\QuickScan
    [2009/12/21 12:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Research In Motion
    [2009/12/28 10:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Styler
    [2010/01/29 14:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Template
    [2011/01/08 22:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\uTorrent
    [2009/12/31 12:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\ViGlance
    [2009/12/16 15:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Western Digital
    [2010/05/06 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Wireshark
    [2011/01/08 22:02:50 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\XrayMyPC.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/07 14:04:03 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/08 14:24:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2007/08/21 15:49:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/08/21 15:49:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/02/29 11:27:03 | 000,000,445 | -H-- | M] () -- C:\IPH.PH
    [2009/06/15 18:00:47 | 000,302,080 | ---- | M] () -- C:\MASTER CLIENT PI-2009.xls
    [2010/02/08 14:04:52 | 000,179,200 | ---- | M] () -- C:\MASTER CLIENT PI-2010.xls
    [2007/08/21 15:49:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/28 08:24:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/08 15:05:15 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/08 15:08:06 | 000,000,687 | ---- | M] () -- C:\rkill.log
    [2009/07/28 10:24:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/04/02 16:23:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/04/06 10:06:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/04/06 10:10:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/04/07 18:04:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/04/08 18:21:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/04/09 18:01:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/04/10 17:12:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/04/15 18:12:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/04/27 14:25:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/05/04 11:15:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/05/15 12:38:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/06/19 22:24:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2009/07/21 18:40:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2009/07/24 14:08:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2009/07/24 14:34:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2009/07/27 12:35:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2009/07/27 15:17:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2009/07/27 15:38:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2009/07/28 09:50:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2009/07/28 10:24:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/04/02 16:23:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/04/06 10:06:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/04/06 10:10:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/04/07 18:04:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/04/08 18:21:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/04/09 18:01:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/04/10 17:12:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/04/15 18:12:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/04/27 14:25:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/05/04 11:15:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/05/15 12:38:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/06/19 22:24:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2009/07/21 18:40:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2009/07/24 14:08:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2009/07/24 14:34:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2009/07/27 12:35:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2009/07/27 15:16:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2009/07/27 15:38:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2009/07/28 09:50:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 02:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2007/08/21 15:48:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2010/12/13 11:35:48 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/09/04 09:11:47 | 003,378,248 | ---- | M] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/08/21 11:40:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/08/21 11:40:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/08/21 11:40:17 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/28 08:29:39 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/06 21:56:50 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/12/06 21:56:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/01/20 11:01:13 | 271,060,312 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\501_b049_multilanguage.exe
    [2011/01/08 22:10:22 | 004,150,950 | ---- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\ComboFix.exe
    [2011/01/08 22:12:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremie.LATRONICA\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/08/21 15:53:16 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/15 20:27:50 | 000,002,958 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/08 22:11:59 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Jeremie.LATRONICA\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/07/10 00:05:02 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\Installer\BBMediaSyncUninstall.exe
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2009/12/23 11:41:37 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  18. 2011/01/08
    broni

    broni Moderator Malware Analyst

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ===============================================================

    I don't see a single sign of AVG...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\okkqggrg.sys -- (okkqggrg)
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Then...
    Delete your Combofix file, download a fresh one and try again.
     
  19. 2011/01/08
    Jeremie

    Jeremie Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Service okkqggrg stopped successfully!
    Service okkqggrg deleted successfully!
    File C:\WINDOWS\System32\drivers\okkqggrg.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
    Starting removal of ActiveX control {6E704581-CCAE-46D2-9C64-20D724B3624E}
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\unagi3.0.84.2.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E704581-CCAE-46D2-9C64-20D724B3624E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E704581-CCAE-46D2-9C64-20D724B3624E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E704581-CCAE-46D2-9C64-20D724B3624E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E704581-CCAE-46D2-9C64-20D724B3624E}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: Administrator.LATRONICA

    User: All Users

    User: Default User

    User: Erica
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Gregg
    ->Temp folder emptied: 1040966 bytes
    ->Temporary Internet Files folder emptied: 2860220 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Jeremie.LATRONICA
    ->Temp folder emptied: 1894965 bytes
    ->Temporary Internet Files folder emptied: 8520165 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 5007382 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 505 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.LATRONICA

    User: All Users

    User: Default User

    User: Erica

    User: Gregg
    ->Flash cache emptied: 0 bytes

    User: Jeremie.LATRONICA
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01082011_230908

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2011/01/08
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    Still having the same issue.
     
  21. 2011/01/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What exactly happens?
     