Here are the contents of the programs you wanted me to run.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 18:26:02
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF36F79AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF36F7958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF36F796C]
Code 85CA6230 ZwEnumerateKey
Code 85CB1608 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF36F79EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF36F7930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF36F7944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF36F79BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF36F7996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF36F7982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF36F7A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF36F7A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF36F79D4]
Code 85CB480E IofCallDriver
Code 85BBFAC6 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Services - GMER 1.0.15 ----
Service system32\drivers\kungsfxsdydtsp.sys (*** hidden *** ) [SYSTEM] kungsfqefwqvfn <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETrprxvvhd.sys (*** hidden *** ) [SYSTEM] SKYNETenwmbjos <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn@imagepath \systemroot\system32\drivers\kungsfxsdydtsp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfxsdydtsp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules@kungsfcmd.dll \systemroot\system32\kungsfqlhdvpjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules@kungsflog.dat \systemroot\system32\kungsfyfmesjnh.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules@kungsfwsp.dll \systemroot\system32\kungsfypstndny.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfqefwqvfn\modules@kungsf.dat \systemroot\system32\kungsfpiocbrdg.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos@imagepath \systemroot\system32\drivers\SKYNETrprxvvhd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETrprxvvhd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETenwmbjos\modules@SKYNETcmd.dll \systemroot\system32\SKYNETgpgpepyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn@imagepath \systemroot\system32\drivers\kungsfxsdydtsp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules@kungsfrk.sys \systemroot\system32\drivers\kungsfxsdydtsp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules@kungsfcmd.dll \systemroot\system32\kungsfqlhdvpjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules@kungsflog.dat \systemroot\system32\kungsfyfmesjnh.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules@kungsfwsp.dll \systemroot\system32\kungsfypstndny.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kungsfqefwqvfn\modules@kungsf.dat \systemroot\system32\kungsfpiocbrdg.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos@imagepath \systemroot\system32\drivers\SKYNETrprxvvhd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETrprxvvhd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETenwmbjos\modules@SKYNETcmd.dll \systemroot\system32\SKYNETgpgpepyy.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\SKYNETrprxvvhd.sys 19968 bytes executable <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason Packer at 17:12:57.40 on Sun 06/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.530 [GMT -6:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason Packer\Desktop\dds.scr
============== Pseudo HJT Report ===============
uLocal Page = \blank.htm
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://ie.search.msn.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,dlnxwtr.exe
BHO: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {7FD44536-9DF0-4034-939F-5BD4D98E3187} - No File
uRun: [bovsRRa7T] senpdmoe.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DR_S] c:\program files\dr_s\DR_S.exe
uRun: [sfita] c:\windows\sfita.exe
uRun: [ukuk] c:\progra~1\common~1\ukuk\ukukm.exe
uRun: [wubin] c:\windows\system32\bgpplo.exe reg_run
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Jqxwmdf] c:\progra~1\fnts~1\CRSS~1.EXE
uRun: [mf3mpa] c:\windows\system32\mf3mpa.exe
uRun: [irssyncd] c:\windows\system32\irssyncd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Diagnostic Manager] c:\docume~1\jasonp~1\locals~1\temp\1215120500.exe
uRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vbPT9] c:\windows\ijxkxfo.exe
mRun: [alof] c:\windows\alof.exe
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [Á³# L"h'þ9Óœð3rÅWc:\program files\istsvc\istsvc.exe] c:\windows\ijxkxfo.exe
mRun: [version] c:\windows\system32\Zftoob.exe
mRun: [NI.UWFX5LP_0001_0614] "c:\windows\downloaded program files\conflict.2\UWFX5LP_0001_0614NetInstaller.exe"
mRun: [NI.UWFX5LP_0001_0715] "c:\windows\downloaded program files\UWFX5LP_0001_0715NetInstaller.exe"
mRun: [NI.UWFX5LP_0001_0802] "c:\windows\downloaded program files\UWFX5LP_0001_0802NetInstaller.exe"
mRun: [seli] c:\windows\seli.exe
mRun: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
mRun: [NI.UWFX5] "c:\windows\downloaded program files\UWFX5NetInstaller.exe"
mRun: [Dinst] c:\windows\dinst.exe
mRun: [inmmeo] c:\docume~1\jasonp~1\locals~1\temp\app10.tmp
mRun: [4030] c:\windows\seli.exe
mRun: [UniUploader] c:\program files\uniuploader\UniUploader.exe
mRun: [bxthlm] c:\windows\system32\bgpplo.exe reg_run
mRun: [MSN Services] c:\recycler\msnservice.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
uExplorerRun: [mf3mpa] c:\windows\system32\mf3mpa.exe
StartupFolder: c:\docume~1\jasonp~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\tnbqs.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/ms ... b31267.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Up ... b31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/Mi ... b31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - hxxp://downloads.shopathomeselect.com/p ... 02_sp2.cab
DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - hxxp://www.icannnews.com/app/ST/ax.ocx
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - hxxp://www.pacimedia.com/install/pcs_0012.exe
DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} - hxxp://messenger.zone.msn.com/binary/Me ... b55762.cab
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://ecampus.phoenix.edu/secure/PhxStudent15.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMe ... loader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b55579.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.arcadetown.com/swf/feedingfr ... uncher.cab
DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - hxxp://www.clickteam.com/vitalize4/vitalize.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/So ... b31267.cab
Handler: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: inicfg32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jasonp~1\applic~1\mozilla\firefox\profiles\x0ul14p7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - plugin: c:\documents and settings\jason packer\application data\mozilla\firefox\profiles\x0ul14p7.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\clickteam\vitalize\v4\NpCnc32.dll
============= SERVICES / DRIVERS ===============
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2005-2-16 70528]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-2 64160]
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2005-2-16 97920]
R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [2005-2-16 45568]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2005-2-16 190720]
R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [2005-2-16 29184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-1 201320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-30 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-1 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-1 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-1 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-1 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-1 40488]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2009-4-26 104960]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-1 33832]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
=============== Created Last 30 ================
2009-06-05 06:27 40,960 a--sh--- c:\documents and settings\jason packer\protect.dll
2009-06-02 15:43 21,711 a------- c:\windows\system32\AAWService_2009_06_02_15_43_31.dmp
2009-06-02 14:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-02 14:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-02 14:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 15:52 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 09:12 40,960 a--sh--- c:\windows\system32\autochk.dll
2009-05-28 05:29 20,992 a------- c:\windows\system32\kungsfypstndny.dll
2009-05-28 05:29 512,143 a------- c:\windows\system32\kungsfyfmesjnh.dat
2009-05-28 05:29 20,992 a------- c:\windows\system32\kungsfqlhdvpjs.dll
2009-05-12 04:12 <DIR> --d----- c:\docume~1\jasonp~1\applic~1\NASA
2009-05-12 04:06 <DIR> --d----- c:\program files\NASA
==================== Find3M ====================
2009-04-26 13:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SaiK0728_01005.Wdf
2009-04-26 13:56 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-16 10:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-13 01:57 22,276 a---h--- c:\windows\system32\mlfcache.dat
2009-03-03 04:23 20,328 ac------ c:\docume~1\jasonp~1\applic~1\GDIPFONTCACHEV1.DAT
2007-09-21 11:15 6,093 ac------ c:\program files\install.log
2007-03-09 13:57 0 a------- c:\documents and settings\jason packer\UniUploader.exe
2007-01-23 18:01 91,348,699 ac------ c:\program files\si_tribes2_update_21570-24834_25034.exe
2007-01-20 06:43 645,670 ac------ c:\program files\uTorrent-1.6-install.exe
2007-01-17 14:30 415,784 a------- c:\program files\msgr8us.exe
2007-01-14 14:41 5,643,480 ac------ c:\program files\AA28FullInstaller_Generic.exe.part
2006-10-24 07:38 2,599,088 ac------ c:\program files\Shockwave_Installer_Slim.exe
2006-09-21 13:25 96,241 ac--h--- c:\docume~1\jasonp~1\applic~1\ptads.bin
2006-08-06 10:26 1,034,681 ac------ c:\program files\wrar36b8.exe
2006-07-20 17:04 24,265,736 ac------ c:\program files\dotnetfx.exe
2006-07-09 07:15 0 ac------ c:\docume~1\jasonp~1\applic~1\internaldb41.dat
2006-07-01 13:43 2,855,080 ac------ c:\program files\aawsepersonal.exe
2005-08-27 02:35 46 ac------ c:\documents and settings\jason packer\TJ.DAT
2009-06-07 17:13 40,960 a--sh--- c:\windows\system32\autochk.dll
============= FINISH: 17:13:55.46 ===============
DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason Packer at 17:12:57.40 on Sun 06/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.530 [GMT -6:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason Packer\Desktop\dds.scr
============== Pseudo HJT Report ===============
uLocal Page = \blank.htm
uStart Page =
hxxp://www.yahoo.commDefault_Page_URL =
hxxp://www.yahoo.commStart Page =
hxxp://www.yahoo.commSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch =
hxxp://ie.search.msn.comuURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,dlnxwtr.exe
BHO: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {7FD44536-9DF0-4034-939F-5BD4D98E3187} - No File
uRun: [bovsRRa7T] senpdmoe.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DR_S] c:\program files\dr_s\DR_S.exe
uRun: [sfita] c:\windows\sfita.exe
uRun: [ukuk] c:\progra~1\common~1\ukuk\ukukm.exe
uRun: [wubin] c:\windows\system32\bgpplo.exe reg_run
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Jqxwmdf] c:\progra~1\fnts~1\CRSS~1.EXE
uRun: [mf3mpa] c:\windows\system32\mf3mpa.exe
uRun: [irssyncd] c:\windows\system32\irssyncd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Diagnostic Manager] c:\docume~1\jasonp~1\locals~1\temp\1215120500.exe
uRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vbPT9] c:\windows\ijxkxfo.exe
mRun: [alof] c:\windows\alof.exe
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [Á³# L"h'þ9Óœð3rÅWc:\program files\istsvc\istsvc.exe] c:\windows\ijxkxfo.exe
mRun: [version] c:\windows\system32\Zftoob.exe
mRun: [NI.UWFX5LP_0001_0614] "c:\windows\downloaded program files\conflict.2\UWFX5LP_0001_0614NetInstaller.exe"
mRun: [NI.UWFX5LP_0001_0715] "c:\windows\downloaded program files\UWFX5LP_0001_0715NetInstaller.exe"
mRun: [NI.UWFX5LP_0001_0802] "c:\windows\downloaded program files\UWFX5LP_0001_0802NetInstaller.exe"
mRun: [seli] c:\windows\seli.exe
mRun: [Nsv] c:\windows\system32\nsvsvc\nsvsvc.exe
mRun: [NI.UWFX5] "c:\windows\downloaded program files\UWFX5NetInstaller.exe"
mRun: [Dinst] c:\windows\dinst.exe
mRun: [inmmeo] c:\docume~1\jasonp~1\locals~1\temp\app10.tmp
mRun: [4030] c:\windows\seli.exe
mRun: [UniUploader] c:\program files\uniuploader\UniUploader.exe
mRun: [bxthlm] c:\windows\system32\bgpplo.exe reg_run
mRun: [MSN Services] c:\recycler\msnservice.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
uExplorerRun: [mf3mpa] c:\windows\system32\mf3mpa.exe
StartupFolder: c:\docume~1\jasonp~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\tnbqs.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/ms ... b31267.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Up ... b31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/Mi ... b31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - hxxp://downloads.shopathomeselect.com/p ... 02_sp2.cab
DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - hxxp://www.icannnews.com/app/ST/ax.ocx
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/sh ... rashim.cab
DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - hxxp://www.pacimedia.com/install/pcs_0012.exe
DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} - hxxp://messenger.zone.msn.com/binary/Me ... b55762.cab
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://ecampus.phoenix.edu/secure/PhxStudent15.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMe ... loader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b55579.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.arcadetown.com/swf/feedingfr ... uncher.cab
DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - hxxp://www.clickteam.com/vitalize4/vitalize.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/So ... b31267.cab
Handler: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: inicfg32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jasonp~1\applic~1\mozilla\firefox\profiles\x0ul14p7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - plugin: c:\documents and settings\jason packer\application data\mozilla\firefox\profiles\x0ul14p7.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\clickteam\vitalize\v4\NpCnc32.dll
============= SERVICES / DRIVERS ===============
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [2005-2-16 70528]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-2 64160]
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2005-2-16 97920]
R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [2005-2-16 45568]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2005-2-16 190720]
R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [2005-2-16 29184]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-1 201320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-30 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-1 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-1 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-1 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-1 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-1 40488]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2009-4-26 104960]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-1 33832]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
=============== Created Last 30 ================
2009-06-05 06:27 40,960 a--sh--- c:\documents and settings\jason packer\protect.dll
2009-06-02 15:43 21,711 a------- c:\windows\system32\AAWService_2009_06_02_15_43_31.dmp
2009-06-02 14:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-02 14:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-02 14:21 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 15:52 <DIR> --d----- c:\program files\Trend Micro
2009-06-01 09:12 40,960 a--sh--- c:\windows\system32\autochk.dll
2009-05-28 05:29 20,992 a------- c:\windows\system32\kungsfypstndny.dll
2009-05-28 05:29 512,143 a------- c:\windows\system32\kungsfyfmesjnh.dat
2009-05-28 05:29 20,992 a------- c:\windows\system32\kungsfqlhdvpjs.dll
2009-05-12 04:12 <DIR> --d----- c:\docume~1\jasonp~1\applic~1\NASA
2009-05-12 04:06 <DIR> --d----- c:\program files\NASA
==================== Find3M ====================
2009-04-26 13:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SaiK0728_01005.Wdf
2009-04-26 13:56 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-16 10:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-13 01:57 22,276 a---h--- c:\windows\system32\mlfcache.dat
2009-03-03 04:23 20,328 ac------ c:\docume~1\jasonp~1\applic~1\GDIPFONTCACHEV1.DAT
2007-09-21 11:15 6,093 ac------ c:\program files\install.log
2007-03-09 13:57 0 a------- c:\documents and settings\jason packer\UniUploader.exe
2007-01-23 18:01 91,348,699 ac------ c:\program files\si_tribes2_update_21570-24834_25034.exe
2007-01-20 06:43 645,670 ac------ c:\program files\uTorrent-1.6-install.exe
2007-01-17 14:30 415,784 a------- c:\program files\msgr8us.exe
2007-01-14 14:41 5,643,480 ac------ c:\program files\AA28FullInstaller_Generic.exe.part
2006-10-24 07:38 2,599,088 ac------ c:\program files\Shockwave_Installer_Slim.exe
2006-09-21 13:25 96,241 ac--h--- c:\docume~1\jasonp~1\applic~1\ptads.bin
2006-08-06 10:26 1,034,681 ac------ c:\program files\wrar36b8.exe
2006-07-20 17:04 24,265,736 ac------ c:\program files\dotnetfx.exe
2006-07-09 07:15 0 ac------ c:\docume~1\jasonp~1\applic~1\internaldb41.dat
2006-07-01 13:43 2,855,080 ac------ c:\program files\aawsepersonal.exe
2005-08-27 02:35 46 ac------ c:\documents and settings\jason packer\TJ.DAT
2009-06-07 17:13 40,960 a--sh--- c:\windows\system32\autochk.dll
============= FINISH: 17:13:55.46 ===============