
IE window closes for no reason


  • This topic is locked
29 replies to this topic

#1 moongazer200

  • Members

Posted 12 October 2008 - 11:48 AM

When surfing the web the IE window closes with no notice...my daughter is taking an online class and this makes it difficult for her to take her tests, gather assignments etc...
please help!!!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:10 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Labtec\Mouse\2.1\moffice.exe
C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/ne...amp;Channel=OEM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.1\moffice.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: Mp3ovsys - {4FAA08AD-37C4-4A79-A1E3-5E4E96A28F53} - C:\WINDOWS\system32\icoweres.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8106 bytes



#2 moongazer200

  • Topic Starter

  • Members

Posted 18 October 2008 - 03:41 PM

Wow a week and still no help :thumbsup: :)

#3 PropagandaPanda

  • Malware Response Team

Posted 18 October 2008 - 04:26 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Post back with:
-the OTViewIt log
-the Kaspersky log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#4 PropagandaPanda

  • Malware Response Team

Posted 23 October 2008 - 07:24 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

#5 PropagandaPanda

  • Malware Response Team

Posted 25 October 2008 - 03:35 PM

Hello.

Topic re-opened.

Please post your logs.

With Regards,
The Panda

#6 moongazer200

  • Topic Starter

  • Members

Posted 25 October 2008 - 03:56 PM

Sorry for sending the PM...


OTViewIT.txt log below

OTViewIt logfile created on: 10/25/2008 4:45:50 PM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 94.79 Mb Available Physical Memory | 18.85% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 67.19% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.89 Gb Total Space | 52.95 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.66 Gb Free Space | 45.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWNABBY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/12/10 18:02:34 | 00,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/12/10 18:02:28 | 00,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2004/12/30 14:19:26 | 00,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/10/09 22:21:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2004/11/15 19:09:20 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2004/12/30 14:19:32 | 01,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2004/01/29 22:13:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2003/10/31 23:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2004/10/18 18:05:12 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
[2004/12/10 18:02:26 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2004/12/30 14:19:40 | 00,120,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2005/11/19 13:45:48 | 00,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
[2007/12/18 22:35:57 | 00,802,816 | ---- | M] () -- C:\Program Files\Labtec\Mouse\2.1\moffice.exe
[2005/01/28 06:23:22 | 00,387,584 | ---- | M] () -- C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2007/12/18 22:35:57 | 00,356,352 | ---- | M] () -- C:\Program Files\Labtec\Mouse\2.1\mouse32a.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/10/09 22:21:39 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2006/11/30 22:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/25 16:43:58 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/12/10 18:02:28 | 00,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/12/10 18:02:32 | 00,087,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/12/10 18:02:34 | 00,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2004/12/30 14:19:26 | 00,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/10/09 22:21:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/11/15 19:09:20 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2004/12/30 14:19:36 | 00,153,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/12/23 19:19:40 | 00,202,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2004/12/30 14:19:32 | 01,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2004/11/29 17:51:52 | 00,122,928 | ---- | M] (SP) -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
[2005/03/23 18:36:41 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2005/03/23 18:36:40 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2004/02/10 17:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/06/18 09:18:50 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/06/17 18:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/06/17 18:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/01/29 22:13:06 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 16:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2003/10/10 05:23:48 | 00,032,640 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX [On_Demand | Stopped])
[2004/10/07 11:21:22 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2008/10/24 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.006\naveng.sys -- (NAVENG [On_Demand | Running])
[2008/10/24 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.006\navex15.sys -- (NAVEX15 [On_Demand | Running])
[2004/08/04 01:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/02/09 15:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 15:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2003/03/18 15:00:00 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004/10/20 15:39:32 | 00,040,724 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
[2004/10/18 18:05:12 | 00,042,968 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Running])
[2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2004/03/04 23:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/12/23 19:19:16 | 00,016,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2004/12/23 19:19:18 | 00,264,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2002/12/17 16:27:58 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr [System | Running])
[2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/06/17 18:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/01/29 22:13:06 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
[2004/01/29 22:13:04 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (266558 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9233 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- Reg Error: Value does not exist. File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Mouse\2.1\moffice.exe ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"LWBKEYBOARD"=C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe ()
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"MXOBG"=C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE ()
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- Reg Error: Key does not exist or could not be opened. File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Spybot - Search & Destroy Configuration] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Spybot - Search & Destroy Configuration] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{76504F2F-6101-4D75-9ECF-BF18FF9F4F0F} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{F737A98A-4166-456B-A368-2C794D1EB09D} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Mp3ovsys"={4FAA08AD-37C4-4A79-A1E3-5E4E96A28F53} (HKLM) -- C:\WINDOWS\system32\icoweres.dll ()

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 14:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b85ffd-3caf-11dd-a14b-001111a7b2dd}\Shell\AutoRun\command]
""=.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2008/10/25 16:43:54 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 06:37:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/18 23:04:54 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 23:04:54 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/16 13:37:37 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/16 13:37:17 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/16 13:37:02 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/16 13:36:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/16 13:36:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/16 13:36:45 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/12 20:42:58 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\McAfee Code.doc
[2008/10/12 20:40:50 | 00,007,517 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/12 20:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/10/12 20:40:23 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/10/12 20:39:38 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2008/10/12 20:35:36 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2008/10/12 20:35:31 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2008/10/12 20:35:31 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2008/10/12 20:35:30 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2008/10/12 20:35:30 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2008/10/12 20:35:22 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2008/10/12 20:34:51 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/12 20:34:49 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/10/12 20:34:25 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2008/10/12 20:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2008/10/12 12:12:52 | 52,722,4832 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/06 22:37:41 | 00,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2008/10/06 22:37:40 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2008/10/06 22:37:33 | 00,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2008/10/06 22:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2008/10/05 12:39:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2008/10/05 12:39:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/25 16:43:58 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/25 16:42:53 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/25 15:59:15 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2008/10/25 15:59:11 | 00,007,517 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/25 15:57:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/25 15:57:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/25 15:57:38 | 52,722,4832 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/25 15:23:56 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/10/25 14:44:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/25 14:44:42 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/10/18 23:04:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 23:04:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/16 21:05:22 | 00,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 15:27:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/12 20:42:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\McAfee Code.doc
[2008/10/12 20:40:23 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/10/12 20:34:51 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/12 20:34:49 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/10/12 13:07:56 | 00,266,558 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/12 13:07:39 | 00,266,558 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-130756.backup
[2008/10/09 15:10:59 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 23:16:41 | 05,893,914 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/06 22:37:42 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2008/10/06 22:37:33 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2008/10/05 12:40:06 | 00,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/05 11:35:31 | 00,266,386 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-130739.backup
[2008/10/02 23:03:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
< End of report >



Extras.txt log below
OTViewIt Extras logfile created on: 10/25/2008 4:45:50 PM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 94.79 Mb Available Physical Memory | 18.85% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 67.19% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.89 Gb Total Space | 52.95 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.66 Gb Free Space | 45.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWNABBY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 22:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\Common Files\AOL\1135983817\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1135983817\ee\aim6.exe:*:Enabled:AIM
File not found -- C:\Program Files\Common Files\AOL\1142651505\ee\aolsoftware.exe:*:Enabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1142651505\ee\aim6.exe:*:Enabled:AIM
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 15:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 03:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 16:29:55 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/04 11:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 23:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}"=Roxio PhotoSuite 5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"{848AC794-8B81-440A-81AE-6474337DB527}"=Symantec AntiVirus
"{8746A60E-C4CA-4CFA-9174-B2CDABE9B6FC}"=Grand Lodge Ancient Free & Accepted Masons of Virginia
"{8912A802-1DD4-41F3-8450-B3209081BDB9}"=Sprint media manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Access 2003
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AOL Instant Messenger"=AOL Instant Messenger
"BigFix"=BigFix
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1"=SoftV92 Data Fax Modem with SmartCP
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}"=Digital Media Reader
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}"=SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Labtec Media Keyboard"=Labtec Media Keyboard V5.0
"Labtec Mouse V2.1"=Labtec Mouse V2.1
"LiveUpdate"=LiveUpdate 2.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX"=USB Storage Adapter FX (MXO)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nero BurnRights!UninstallKey"=Nero BurnRights
"Network MagicUninstall"=Network Magic
"PROSet"=Intel® PRO Network Adapters and Drivers
"RegCure"=RegCure 1.5.0.1
"Roxio UDF Reader"=Roxio UDF Reader
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy"=Yahoo! Anti-Spy
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2008 11:52:02 AM | Computer Name = TWNABBY | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\WINDOWS\system32\taskmon.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/12/2008 11:57:03 AM | Computer Name = TWNABBY | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\WINDOWS\system32\taskmon.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/12/2008 12:02:04 PM | Computer Name = TWNABBY | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\WINDOWS\system32\taskmon.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 10/12/2008 12:06:33 PM | Computer Name = TWNABBY | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\WINDOWS\system32\taskmon.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/12/2008 1:45:00 PM | Computer Name = TWNABBY | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Trojan in File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP321\A0090549.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 10/13/2008 1:58:56 PM | Computer Name = TWNABBY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2820 (0xb04) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\WINDOWS\TEMP\pn24D.tmp

by C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) 5003(0)(0) 5002(0)(1)

Error - 10/13/2008 1:58:56 PM | Computer Name = TWNABBY | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2824 (0xb08) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\midiman32.dll

by C:\WINDOWS\Explorer.EXE 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0) 5003(0)(0) 5002(0)(1)

Error - 10/13/2008 6:56:13 PM | Computer Name = TWNABBY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/15/2008 4:09:06 PM | Computer Name = TWNABBY | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/25/2008 4:45:34 PM | Computer Name = TWNABBY | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.18.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/22/2008 4:21:18 PM | Computer Name = TWNABBY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/23/2008 8:19:31 PM | Computer Name = TWNABBY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/23/2008 8:20:19 PM | Computer Name = TWNABBY | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 10/24/2008 6:43:18 AM | Computer Name = TWNABBY | Source = DCOM | ID = 10010
Description = The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register
with DCOM within the required timeout.

Error - 10/24/2008 6:43:52 AM | Computer Name = TWNABBY | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 10/24/2008 10:42:12 PM | Computer Name = TWNABBY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SAVRT' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 10/24/2008 10:44:57 PM | Computer Name = TWNABBY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 10/24/2008 10:44:57 PM | Computer Name = TWNABBY | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 10/25/2008 10:56:54 AM | Computer Name = TWNABBY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 10/25/2008 10:56:54 AM | Computer Name = TWNABBY | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053


< End of report >

#7 PropagandaPanda

Posted 25 October 2008 - 05:55 PM

Hello moongazer200.

You can uninstall this old version of Java:
J2SE Runtime Environment 5.0 Update 11

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Open Jotti Online Scanner, or VirusTotal Online Scanner. If one site is busy or down, try the other.
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
    C:\WINDOWS\system32\icoweres.dll
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.

Download and run Malwarebytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


With Regards,
The Panda

#8 moongazer200

Posted 25 October 2008 - 09:45 PM

Jotti's Result:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

#9 moongazer200

Posted 25 October 2008 - 10:06 PM

Malwarebytes Log




Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 5.1.2600 Service Pack 3

10/25/2008 11:05:38 PM
mbam-log-2008-10-25 (23-05-38).txt

Scan type: Quick Scan
Objects scanned: 56048
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 PropagandaPanda

Posted 26 October 2008 - 09:42 AM

Hello.

Hmm, that is strange. Could you upload the file to me?

Submit File Sample
  • Go to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/174008/ie-window-closes-for-no-reason/
  • Under Browse to the file you want to submit, input:
    C:\WINDOWS\system32\icoweres.dll
  • Under the comments section, say that Panda asked for the submission.
---
In the meantime, please run OTViewIt again and post back with OTViewIt.txt.

With Regards,
The Panda

#11 moongazer200

Posted 26 October 2008 - 02:45 PM

OTViewIt logfile created on: 10/26/2008 3:26:56 PM - Run 4
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop\Computer Repair
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 149.21 Mb Available Physical Memory | 29.68% Memory free
1.20 Gb Paging File | 0.81 Gb Available in Paging File | 67.70% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.89 Gb Total Space | 52.96 Gb Free Space | 74.70% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 1.66 Gb Free Space | 45.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWNABBY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/12/10 18:02:34 | 00,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2004/12/10 18:02:28 | 00,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2004/12/30 14:19:26 | 00,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2008/10/09 22:21:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2004/11/15 19:09:20 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2004/12/30 14:19:32 | 01,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2004/01/29 22:13:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2003/10/31 23:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2004/10/18 18:05:12 | 00,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
[2004/12/10 18:02:26 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2004/12/30 14:19:40 | 00,120,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2005/11/19 13:45:48 | 00,094,208 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
[2007/12/18 22:35:57 | 00,802,816 | ---- | M] () -- C:\Program Files\Labtec\Mouse\2.1\moffice.exe
[2005/01/28 06:23:22 | 00,387,584 | ---- | M] () -- C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2007/12/18 22:35:57 | 00,356,352 | ---- | M] () -- C:\Program Files\Labtec\Mouse\2.1\mouse32a.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/10/09 22:21:39 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/04/13 20:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/25 16:43:58 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Computer Repair\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/12/10 18:02:28 | 00,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2004/12/10 18:02:32 | 00,087,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
[2004/12/10 18:02:34 | 00,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2004/12/30 14:19:26 | 00,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/10/09 22:21:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/11/15 19:09:20 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2004/12/30 14:19:36 | 00,153,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2004/12/23 19:19:40 | 00,202,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2004/12/30 14:19:32 | 01,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2004/11/29 17:51:52 | 00,122,928 | ---- | M] (SP) -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
[2005/03/23 18:36:41 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2005/03/23 18:36:40 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2004/02/10 17:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/06/18 09:18:50 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/06/17 18:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/06/17 18:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/01/29 22:13:06 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 16:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])
[2003/10/10 05:23:48 | 00,032,640 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX [On_Demand | Stopped])
[2004/10/07 11:21:22 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
[2008/10/24 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.006\naveng.sys -- (NAVENG [On_Demand | Running])
[2008/10/24 04:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081024.006\navex15.sys -- (NAVEX15 [On_Demand | Running])
[2004/08/04 01:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/02/09 15:43:56 | 00,301,200 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2004/02/09 15:43:56 | 00,037,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [Auto | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2003/03/18 15:00:00 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/01/26 14:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004/10/20 15:39:32 | 00,040,724 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
[2004/10/18 18:05:12 | 00,042,968 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39 [On_Demand | Running])
[2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2004/03/04 23:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2004/12/23 19:19:16 | 00,016,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2004/12/23 19:19:18 | 00,264,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2002/12/17 16:27:58 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr [System | Running])
[2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2004/06/17 18:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/01/29 22:13:06 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
[2004/01/29 22:13:04 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

========== (O1) Hosts File ==========

HOSTS File = (266558 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9233 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- Reg Error: Value does not exist. File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Mouse\2.1\moffice.exe ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"LWBKEYBOARD"=C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe ()
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"MXOBG"=C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE ()
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- Reg Error: Key does not exist or could not be opened. File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Spybot - Search & Destroy Configuration] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 15:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Spybot - Search & Destroy Configuration] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3454208817-536030033-210399123-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{76504F2F-6101-4D75-9ECF-BF18FF9F4F0F} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{F737A98A-4166-456B-A368-2C794D1EB09D} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Mp3ovsys"={4FAA08AD-37C4-4A79-A1E3-5E4E96A28F53} (HKLM) -- C:\WINDOWS\system32\icoweres.dll ()

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/26 14:04:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e337a41-3759-11d9-96af-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3b85ffd-3caf-11dd-a14b-001111a7b2dd}\Shell\AutoRun\command]
""=.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2008/10/25 22:47:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/10/25 22:47:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/25 22:47:00 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/25 22:46:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/25 22:46:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/25 16:57:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Computer Repair
[2008/10/24 06:37:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/18 23:04:54 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 23:04:54 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/16 13:37:37 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/16 13:37:17 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/16 13:37:02 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/16 13:36:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/16 13:36:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/16 13:36:45 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/12 20:42:58 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\McAfee Code.doc
[2008/10/12 20:40:50 | 00,007,863 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/12 20:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/10/12 20:40:23 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/10/12 20:39:38 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2008/10/12 20:35:36 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2008/10/12 20:35:31 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2008/10/12 20:35:31 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2008/10/12 20:35:30 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2008/10/12 20:35:30 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2008/10/12 20:35:22 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2008/10/12 20:34:51 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/12 20:34:49 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/10/12 20:34:25 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2008/10/12 20:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2008/10/12 12:12:52 | 52,722,4832 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/06 22:37:41 | 00,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2008/10/06 22:37:40 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2008/10/06 22:37:33 | 00,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2008/10/06 22:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2008/10/05 12:39:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2008/10/05 12:39:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/26 08:29:02 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2008/10/26 08:28:59 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 08:28:56 | 00,007,863 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/26 08:27:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 08:27:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 08:27:30 | 52,722,4832 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/25 20:44:12 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/10/25 15:23:56 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/10/25 14:44:49 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/18 23:04:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/18 23:04:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/16 21:05:22 | 00,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 15:27:40 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/12 20:42:59 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\McAfee Code.doc
[2008/10/12 20:40:23 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/10/12 20:34:51 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/12 20:34:49 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/10/12 13:07:56 | 00,266,558 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/12 13:07:39 | 00,266,558 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-130756.backup
[2008/10/09 15:10:59 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 23:16:41 | 05,893,914 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/06 22:37:42 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2008/10/06 22:37:33 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2008/10/05 12:40:06 | 00,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/05 11:35:31 | 00,266,386 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-130739.backup
[2008/10/02 23:03:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
< End of report >

#12 PropagandaPanda

  • Malware Response Team

Posted 26 October 2008 - 02:51 PM

Hello moongazer200.

That file is definitely no good. Looks like something is hiding it from being uploaded.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode.
Important!: Please do not select the Show all checkbox during the scan.

With Regards,
The Panda

#13 moongazer200

  • Topic Starter


Posted 26 October 2008 - 08:02 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 20:58:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT E1D3AE58 ZwConnectPort

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEE9A39B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEE9A3A49]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE9A395D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE9A3976]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE9A3A5D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE9A3A89]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEE9A3AF7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEE9A3AE1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEE9A39F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE9A3B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE9A3A35]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE9A3930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE9A3944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEE9A39C6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEE9A3B5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE9A3ACB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEE9A3AB5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE9A3A73]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEE9A3B4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEE9A3B37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE9A399E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE9A398A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEE9A3A9F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE9A3A21]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE9A3B0D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEE9A3A08]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEE9A39DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EE9A39E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EE9A3A39 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EE9A3AB9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EE9A39B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EE9A398E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EE9A3A4D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EE9A3B63 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EE9A3AFB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EE9A3934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EE9A39CA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EE9A3AA3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EE9A3A0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP EE9A39F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EE9A397A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805822EC 5 Bytes JMP EE9A3A25 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EE9A3948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EE9A3B27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EE9A3AE5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EE9A3A8D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EE9A3A61 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EE9A3961 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EE9A39A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EE9A3B11 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EE9A3ACF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EE9A3A77 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EE9A3B3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EE9A3B4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 34, 84 ]
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B497FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00B67B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00B679DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00B680AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B67C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B67FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B67E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B68DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B684AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B689FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00B682EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00B6900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00B68C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Documents and Settings\Owner\Desktop\Computer Repair\gmer\gmer.exe[236] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00B6893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 35, 84 ]
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B597FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00B77B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00B779DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00B780AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B77C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B77FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B77E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B78DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B784AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B789FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00B782EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00B7900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00B78C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe[280] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00B7893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C0007D
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C0006C
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F6D
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C000B5
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000DA
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F41
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C000F5
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C0008E
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C00F52
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0036
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0FAF
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] kernel32.dll!CreateFileA + 2 7C801A2A 1 Byte [ 7C ]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] kernel32.dll!CreateFileA + 4 7C801A2C 1 Byte [ 89 ]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 060B97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 060D80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 060D7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 060D7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 060D7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 060D8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 060D84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 060D89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 060D82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 060D900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 060D8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 060D893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 060D7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[556] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 060D79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070062
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F6D
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F21
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F48
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070EEB
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F06
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070ED0
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070073
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070084
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060F76
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0006003D
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00060F9B
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 26, 88 ]
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F57
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F72
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F83
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F94
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F29
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0071
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0EF6
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F07
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0EDB
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0F46
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB0F18
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA002F
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA0FE5
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA0065
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BA004A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\lsass.exe[744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80086
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B8006B
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B8004E
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80F9B
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B800BE
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F76
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F36
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F51
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B800F4
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B8003D
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B80097
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80FC0
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B800CF
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B70FC3
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B70F94
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B70014
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B70051
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B70040
.text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B70025
.text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF0000
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 8C, 84 ]
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] kernel32.dll!CreateFileW 7C8107F0 3 Bytes JMP 010C97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] kernel32.dll!CreateFileW + 4 7C8107F4 1 Byte [ 84 ]
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 010E7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 010E79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 010E80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 010E7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010E7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010E8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010E84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 010E82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 010E900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 010E8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[968] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 010E893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0096
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB007B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB005E
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0FA1
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB0F5F
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB00B1
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00DD
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F44
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CB00F8
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CB0FB2
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CB0F86
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CB00CC
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA0FDB
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA0F8A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA002C
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA0FA5
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CA003D
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0FC0
.text C:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80000
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02700000
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02700FA8
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0270009D
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02700FC3
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02700080
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02700FD4
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 027000D5
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 027000AE
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02700F4D
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027000E6
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 027000F7
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02700065
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0270001B
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02700F83
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02700FE5
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02700036
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02700F68
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 026F000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 026F0036
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 026F0FB9
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 026F0FD4
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 026F0025
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 026F0FE5
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 026F0F83
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 8F, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 026F0F94
.text C:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E60000
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01E7001B
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01E7000A
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01E70FE5
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 01E70038
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, B6, 84 ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 013697FC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 01387B3C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 013879DC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 013880AC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01387C2C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01387FAC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01387E3C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01388DDC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013884AC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013889FC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 013882EC C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 0138900C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 01388C8C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1204] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 0138893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 3D, 84 ]
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00BF7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00BF79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00BF80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BF7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BF7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BF8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BF89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00BF82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00BF900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00BF8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\moffice.exe[1236] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00BF893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00770FE5
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F6F
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770064
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770047
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770036
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FAF
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007700B7
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770090
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007700D9
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770F4A
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00770F25
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00770F94
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00770075
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00770FCA
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007700C8
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00760FB2
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00760F79
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00760FCD
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00760FDE
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00760040
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0076001E
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0F99
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0FAA
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0084
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0073
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0047
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD00E1
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD00D0
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F63
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F74
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00AD0121
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00AD0058
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00AD00B3
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00AD00FC
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009C0011
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009C0F79
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009C0FC0
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009C0F94
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 009C002C
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009C0FA5
.text C:\WINDOWS\system32\svchost.exe[1416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 009A0FE5
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 009A0FD4
.text C:\WINDOWS\system32\svchost.exe[1416] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016A0000
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 016A0062
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 016A0F6D
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 016A0047
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 016A0F8A
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 016A0FAF
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 016A009A
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 016A0F52
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016A0F1F
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 016A0F30
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 016A00C9
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 016A0036
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 016A0011
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 016A0073
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 016A0FC0
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 016A0FDB
.text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 016A0F41
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 3 Bytes JMP 01690FC0
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExW + 4 77DD6AA3 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExW 77DD775C 3 Bytes JMP 01690FA5
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExW + 4 77DD7760 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExA 77DD7842 3 Bytes JMP 0169001B
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyExA + 4 77DD7846 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyW 77DD7936 3 Bytes JMP 0169000A
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyW + 4 77DD793A 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 3 Bytes JMP 01690062
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyExA + 4 77DDE9E8 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 3 Bytes JMP 01690FEF
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegOpenKeyA + 4 77DDEFBC 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01690051
.text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0169002C
.text C:\WINDOWS\Explorer.EXE[1568] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 02437B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 024379DC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WININET.dll!InternetOpenW 771BAF39 5 Bytes JMP 01670FDE
.text C:\WINDOWS\Explorer.EXE[1568] WININET.dll!InternetOpenA 771C5786 5 Bytes JMP 01670FEF
.text C:\WINDOWS\Explorer.EXE[1568] WININET.dll!InternetOpenUrlA 771C5A52 5 Bytes JMP 01670FCD
.text C:\WINDOWS\Explorer.EXE[1568] WININET.dll!InternetOpenUrlW 771D5BA2 5 Bytes JMP 0167002A
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 024380AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02437C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01830FEF
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 02437FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02437E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02438DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!recv 71AB676F 5 Bytes JMP 024384AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 024389FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 024382EC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 0243900C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 02438C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 0243893C C:\WINDOWS\system32\sapivmin.dll
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1992] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 17, 84 ]
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009797FC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00997B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 009979DC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009980AC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00997C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00997FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00997E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00998DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009984AC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009989FC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009982EC C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 0099900C C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00998C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[2096] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 0099893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 8C, 84 ]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] kernel32.dll!CreateFileW 7C8107F0 3 Bytes JMP 010C97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] kernel32.dll!CreateFileW + 4 7C8107F4 1 Byte [ 84 ]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 010E7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 010E79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 010E80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 010E7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010E7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010E8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010E84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 010E82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 010E900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 010E8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2380] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 010E893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 1B, 84 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009B97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 009D7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 009D79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009D80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009D7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 009D7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009D7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009D8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009D84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009D89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009D82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 009D900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 009D8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 009D893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 19, 84 ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009997FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 009B7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 009B79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009B80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009B7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 009B7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009B7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009B8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009B84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009B89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009B82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 009B900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 009B8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3008] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 009B893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\WINDOWS\system32\hkcmd.exe[3104] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 15, 84 ]
.text C:\WINDOWS\system32\hkcmd.exe[3104] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009597FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00977B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 009779DC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009780AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00977C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00977FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00977E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00978DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009784AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009789FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009782EC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 0097900C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00978C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 0097893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\WINDOWS\system32\ctfmon.exe[3204] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 1E, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[3204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009E97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00A07B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00A079DC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00A080AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A07C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A07FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A07E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A08DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A084AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A089FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00A082EC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00A0900C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00A08C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\ctfmon.exe[3204] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00A0893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 23, 84 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A397FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00A57B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00A579DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00A580AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A57C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A57FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A57E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A58DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A584AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A589FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00A582EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00A5900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00A58C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3276] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00A5893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 26, 84 ]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A697FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00A87B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00A879DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00A880AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A87C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A87FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A87E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A88DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A884AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A889FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00A882EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00A8900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00A88C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3300] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00A8893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 58, 84 ]
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D897FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00DA7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00DA79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00DA80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DA7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DA7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DA7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DA8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DA84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DA89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00DA82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00DA900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00DA8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3364] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00DA893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 3C, 84 ]
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00BE7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00BE79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00BE80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BE7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BE7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BE7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BE84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BE89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00BE82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00BE900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00BE8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Labtec\Mouse\2.1\MOUSE32A.EXE[3424] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00BE893C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00967B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 009679DC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009680AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00967C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00967FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00967E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00968DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009684AC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009689FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009682EC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 0096900C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00968C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3504] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 0096893C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\WINDOWS\MXOALDR.EXE[3972] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 2C, 84 ]
.text C:\WINDOWS\MXOALDR.EXE[3972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AC97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 00AE7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] Secur32.dll!DecryptMessage 77FEA64A 5 Bytes JMP 00AE79DC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00AE80AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AE7C2C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00AE7FAC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AE7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE8DDC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00AE84AC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00AE89FC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00AE82EC C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00AE900C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00AE8C8C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\MXOALDR.EXE[3972] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00AE893C C:\WINDOWS\system32\sapivmin.dll

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----

#14 PropagandaPanda

  • Malware Response Team

Posted 27 October 2008 - 10:48 AM

Hello.

You have 2 antiviruses, Symantec and McAfee; please uninstall one before continuing.

This is unusual. Can you try to upload this file to Jotti? Likely you will not be able to.
C:\WINDOWS\system32\sapivmin.dll

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable McAfee:
  • Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
    Right-click it -> choose Exit.
  • A popup will warn that protection will now be disabled. Click on Yes to disable the Antivirus guard.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are using Vista. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Also include a new HijackThis log in your next reply.

With Regards,
The Panda
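
A triage sketch for the GMER `.text` rows in the log above, added here as an example and not part of the thread or of GMER: it groups the `JMP` rows by the module they land in, and bounds the destination of the split `CreateFileA` patch (byte `E9` plus three displacement bytes), whose rows name no module. The function names and the nearest-target attribution are assumptions of this example; the sample rows are copied from the posted log.

```python
import re
from collections import defaultdict

# Rows copied from the GMER 1.0.14 log posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileA 7C801A28 1 Byte [ E9 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileA + 2 7C801A2A 3 Bytes [ 7C, 1B, 84 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009B97FC C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] Secur32.dll!EncryptMessage 77FEA5FB 5 Bytes JMP 009D7B3C C:\WINDOWS\system32\sapivmin.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009D7E3C C:\WINDOWS\system32\sapivmin.dll
.text C:\WINDOWS\system32\hkcmd.exe[3104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00977E3C C:\WINDOWS\system32\sapivmin.dll
"""

# Common prefix: ".text <process path>[<pid>] <dll>!<export>"
HEAD = r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<api>\w+)"
# Row form 1: a full 5-byte JMP that GMER resolved to a module.
JMP_RE = re.compile(HEAD + r"\s+(?P<addr>[0-9A-F]{8})\s+5 Bytes\s+JMP\s+"
                    r"(?P<target>[0-9A-F]{8})\s+(?P<module>\S.*)$")
# Row form 2: raw changed bytes, optionally at "+ <offset>" inside the export.
RAW_RE = re.compile(HEAD + r"(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]{8})"
                    r"\s+\d+ Bytes?\s+\[\s*(?P<bytes>[0-9A-F, ]+?)\s*\]$")


def parse_gmer_text(log):
    """Return (jumps, patches); patches maps (proc, pid, api, base) -> {offset: byte}."""
    jumps, patches = [], defaultdict(dict)
    for line in log.splitlines():
        line = line.strip()
        m = JMP_RE.match(line)
        if m:
            jumps.append({"proc": m["proc"], "pid": int(m["pid"]),
                          "api": f'{m["dll"]}!{m["api"]}',
                          "target": int(m["target"], 16), "module": m["module"]})
            continue
        m = RAW_RE.match(line)
        if m:
            off = int(m["off"] or "0", 16)
            base = int(m["addr"], 16) - off      # address of the export itself
            key = (m["proc"], int(m["pid"]), f'{m["dll"]}!{m["api"]}', base)
            for i, b in enumerate(m["bytes"].split(",")):
                patches[key][off + i] = int(b, 16)
    return jumps, dict(patches)


def hooks_by_module(jumps):
    """Group resolved JMP hooks by destination module: which PIDs, which exports."""
    out = defaultdict(lambda: {"pids": set(), "apis": set()})
    for j in jumps:
        out[j["module"]]["pids"].add(j["pid"])
        out[j["module"]]["apis"].add(j["api"])
    return dict(out)


def split_jmp_target_range(base, changed):
    """Bound the destination of a JMP rel32 (E9) reported as separate byte runs.

    Offsets the log does not list are treated as unknown (0x00..0xFF). The
    bounds are meaningful when only low-order displacement bytes are unknown,
    as in this log, where offset +1 is the one missing byte.
    """
    if changed.get(0) != 0xE9:
        return None
    lo = hi = 0
    for i in range(4):                           # rel32 is little-endian at +1..+4
        b = changed.get(1 + i)
        lo |= (0x00 if b is None else b) << (8 * i)
        hi |= (0xFF if b is None else b) << (8 * i)
    nxt = base + 5                               # rel32 is relative to the next instruction
    return (nxt + lo) & 0xFFFFFFFF, (nxt + hi) & 0xFFFFFFFF


def attribute_split_hooks(jumps, patches):
    """Heuristic: pair each split JMP with the nearest resolved target in the same PID.

    Proximity is an inference, not proof; GMER printed no module for these rows.
    """
    results = []
    for (proc, pid, api, base), changed in patches.items():
        rng = split_jmp_target_range(base, changed)
        same_pid = [j for j in jumps if j["pid"] == pid]
        if rng is None or not same_pid:
            continue

        def distance(j, lo=rng[0], hi=rng[1]):
            t = j["target"]
            return 0 if lo <= t <= hi else min(abs(t - lo), abs(t - hi))

        near = min(same_pid, key=distance)
        results.append({"pid": pid, "api": api, "range": rng,
                        "module": near["module"], "distance": distance(near)})
    return results


if __name__ == "__main__":
    jumps, patches = parse_gmer_text(SAMPLE_LOG)
    for module, info in hooks_by_module(jumps).items():
        print(module, sorted(info["pids"]), sorted(info["apis"]))
    for r in attribute_split_hooks(jumps, patches):
        print(f'{r["api"]} pid {r["pid"]}: target in '
              f'{r["range"][0]:08X}-{r["range"][1]:08X}, '
              f'{r["distance"]:#x} bytes from a hook in {r["module"]}')
```

Run over the full log, the same grouping shows at a glance which single module receives the redirected calls in every listed process.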

#15 moongazer200

  • Topic Starter


Posted 27 October 2008 - 05:18 PM

Scanned with Jotti - got the following response:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file



