Registry Cleaner maybe Vundo virus.



#1 latinageek

Posted 12 December 2008 - 11:37 AM

I am not able to identify the virus that is on my laptop. The following link always pops up:

<hxxp://pantomi.com/r_cmtp?u=hxxp://url.adtrgt.com/cpv.jsp?p=110380&aid=463&ip=75.63.10.200&url=hxxp://memorial.mcallenisd.org/&selectedKeyword=ron&selectedListingId=7293783&default=hxxp://gallimp.com/soft_fail?c=mg_ron&b=2.6&affid=170802&cuid=71f8e0eac5fc11dd98f800304890471a&rid=860480&c=mg_ron&b=0.936&o=2.6&cuid=6ae553505eb39f40a63a20a043d0aed8&suid=71f8e0eac5fc11dd98f800304890471a&affid=170802&tid=iu0004&rid=860480>

As per the instructions I ran the RSI program with the 2 text file results pasted below:

info.txt logfile of random's system information tool 1.04 2008-12-12 07:16:24

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 4.1-->C:\PROGRA~1\ACOUST~1\Unwise.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell 968 AIO Printer-->C:\Program Files\Dell 968 AIO Printer\Install\x86\Uninst.exe
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Korean Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OPSWAT AntiVirus and Firewall Integration Libraries-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Progra~1\F5\OPSWAT_\AVSDK\AVDLLs\f5opswati.inf,DefaultUninstall
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Palm® Support Center-->C:\Program Files\Palm\Windows Mobile Device Handbook\Bin\DHUninstall.exe
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RON Tool Banners4u-->C:\WINDOWS\system32\qleyytctjqizp.exe
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SealedMedia Unsealer 5.2.25-->MsiExec.exe /X{E613ECA8-7C74-4F7D-98B8-D8C1426A8A2F}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by imelda leal at 2008-12-12 07:16:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 211 GB (91%) free of 232 GB
Total RAM: 3062 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:21 AM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\120560~1\EE\AOLHOS~1.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\COMMON~1\AOL\120560~1\EE\AOLServiceHost.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\Event Agent\bin\smss .exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\Event Agent\bin\services .exe
C:\WINDOWS\system32\Event Agent\lsass .exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\imelda leal\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\imelda leal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080315
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://memorial.mcallenisd.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080315
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5meen_us/122
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {d8fdbe0c-47c2-4b4e-b6e8-e0192572330a} - C:\WINDOWS\system32\wuholove.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205605828\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bezavojate] Rundll32.exe "C:\WINDOWS\system32\towiyaha.dll",s
O4 - HKLM\..\Run: [4c5ae8fb] rundll32.exe "C:\WINDOWS\system32\yikizafe.dll",b
O4 - HKLM\..\Run: [CPM4f69db67] Rundll32.exe "c:\windows\system32\jabovazo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [bezavojate] Rundll32.exe "C:\WINDOWS\system32\magohupa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bezavojate] Rundll32.exe "C:\WINDOWS\system32\magohupa.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028NTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\kerebuna.dll c:\windows\system32\vidadori.dll C:\WINDOWS\system32\tukibazi.dll C:\WINDOWS\system32\towiyaha.dll c:\windows\system32\jabovazo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Event Agent - C:\WINDOWS\SYSTEM32\CustomEvents.dll
O23 - Service: McAfee Application Installer Cleanup (0237151229085996) (0237151229085996mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023715~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13857 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-10-24 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-21 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8fdbe0c-47c2-4b4e-b6e8-e0192572330a}]
C:\WINDOWS\system32\wuholove.dll [2008-09-11 62536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-09 851968]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-09 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-09 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-09 137752]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-03 1228800]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-07-09 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-11-01 189736]
"HostManager"=C:\Program Files\Common Files\AOL\1205605828\EE\AOLHostManager.exe [2004-11-03 125528]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-10-18 79448]
"dldomon.exe"=C:\Program Files\Dell 968 AIO Printer\dldomon.exe [2007-10-05 455920]
"MemoryCardManager"=C:\Program Files\Dell 968 AIO Printer\memcard.exe [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"=C:\Program Files\Dell 968 AIO Printer\fm3032.exe [2007-10-05 312560]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-15 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"sealmon"=C:\Program Files\SealedMedia\sealmon.exe [2007-06-04 296080]
"Event Agent"=C:\WINDOWS\system32\Event Agent\bin\smss .exe [2008-06-16 196676]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"bezavojate"=C:\WINDOWS\system32\towiyaha.dll []
"4c5ae8fb"=C:\WINDOWS\system32\yikizafe.dll [2008-12-11 86266]
"CPM4f69db67"=c:\windows\system32\jabovazo.dll [2008-12-11 91251]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-06 68856]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\imelda leal\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\kerebuna.dll c:\windows\system32\vidadori.dll C:\WINDOWS\system32\tukibazi.dll C:\WINDOWS\system32\towiyaha.dll c:\windows\system32\jabovazo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Event Agent]
C:\WINDOWS\system32\CustomEvents.dll [2007-09-24 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\tukibazi.dll
C:\WINDOWS\system32\towiyaha.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1205605828\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1205605828\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Dell 968 AIO Printer\dldomon.exe"="C:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor"
"C:\Documents and Settings\abel leal\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe"="C:\Documents and Settings\abel leal\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe:*:Enabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable"
"C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe"="C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe"
"C:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe"="C:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe:*:Enabled: "
"C:\WINDOWS\system32\dldocfg.exe"="C:\WINDOWS\system32\dldocfg.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\dldocoms.exe"="C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe:*:Enabled:Dell Web Gateway"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\WINDOWS\Downloaded Program Files\TunnelServer.exe"="C:\WINDOWS\Downloaded Program Files\TunnelServer.exe:*:Enabled:TunnelServer"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Dell 968 AIO Printer\DLDOFax.exe"="C:\Program Files\Dell 968 AIO Printer\DLDOFax.exe:*:Enabled:Fax Solutions Software"
"C:\WINDOWS\system32\Event Agent\Bin\services .exe"="C:\WINDOWS\system32\Event Agent\Bin\services .exe:*:Enabled:EventAgentScanner"
"C:\WINDOWS\system32\Event Agent\Bin\spoolsv .exe"="C:\WINDOWS\system32\Event Agent\Bin\spoolsv .exe:*:Enabled:EventAgentStartup"
"C:\WINDOWS\system32\Event Agent\lite.exe"="C:\WINDOWS\system32\Event Agent\lite.exe:*:Enabled:EventAgentLite"
"C:\WINDOWS\system32\Event Agent\Bin\smss .exe"="C:\WINDOWS\system32\Event Agent\Bin\smss .exe:*:Enabled:EventAgentKey"
"C:\WINDOWS\system32\Event Agent\Bin\EventAgentRegistry.exe"="C:\WINDOWS\system32\Event Agent\Bin\EventAgentRegistry.exe:*:Enabled:EventAgentRegistry"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe:*:Enabled:sprtcmd"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\Program Files\McAfee.com\Agent\mcagent.exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe:*:Enabled:mcagent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4240-b435-11dd-a5da-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4241-b435-11dd-a5da-00038a000015}]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4246-b435-11dd-a5da-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4248-b435-11dd-a5da-00038a000015}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da54ff30-0139-11dd-a576-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f91a9de5-a40f-11dd-a5d8-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-12 07:16:19 ----D---- C:\rsit
2008-12-12 06:46:33 ----D---- C:\WINDOWS\LastGood
2008-12-11 20:17:58 ----SH---- C:\WINDOWS\system32\efazikiy.ini
2008-12-11 06:41:18 ----SH---- C:\WINDOWS\system32\ozakokur.ini
2008-12-10 23:28:53 ----A---- C:\WINDOWS\system32\WOEM_3_2awoem.tmp
2008-12-10 20:09:27 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 10:46:05 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-10 10:45:56 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-10 10:45:56 ----D---- C:\Documents and Settings\imelda leal\Application Data\SUPERAntiSpyware.com
2008-12-10 08:20:47 ----SH---- C:\WINDOWS\system32\oyinibul.ini
2008-12-09 23:27:57 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-12-09 23:05:06 ----D---- C:\Program Files\Lavasoft
2008-12-09 23:05:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-09 23:04:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-09 22:56:06 ----D---- C:\Program Files\Trend Micro
2008-12-09 20:20:19 ----SH---- C:\WINDOWS\system32\ahifasoy.ini
2008-12-09 09:16:12 ----A---- C:\WINDOWS\system32\~.exe
2008-12-09 08:19:58 ----SH---- C:\WINDOWS\system32\okusival.ini
2008-12-08 12:10:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-08 12:10:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-08 12:10:01 ----A---- C:\WINDOWS\system32\java.exe
2008-12-08 12:10:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-05 19:24:29 ----A---- C:\WINDOWS\system32\qleyytctjqizp.exe
2008-12-05 19:24:25 ----D---- C:\WINDOWS\system32\ta
2008-12-05 19:24:24 ----D---- C:\WINDOWS\system32\VC
2008-12-05 19:24:24 ----D---- C:\WINDOWS\system32\ki3
2008-12-05 19:24:24 ----D---- C:\WINDOWS\system32\din
2008-12-05 19:24:21 ----D---- C:\Temp
2008-11-16 17:26:00 ----D---- C:\Program Files\Common Files\SWF Studio

======List of files/folders modified in the last 1 months======

2008-12-12 07:16:21 ----D---- C:\WINDOWS\Temp
2008-12-12 06:46:47 ----D---- C:\WINDOWS\Prefetch
2008-12-12 06:46:36 ----HD---- C:\WINDOWS\inf
2008-12-12 06:46:33 ----D---- C:\WINDOWS
2008-12-12 06:46:32 ----D---- C:\Program Files\McAfee
2008-12-11 22:42:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 21:35:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 21:28:57 ----D---- C:\WINDOWS\system32
2008-12-11 21:28:07 ----SHD---- C:\WINDOWS\Installer
2008-12-11 21:27:30 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 21:25:58 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-11 21:24:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 20:17:49 ----N---- C:\WINDOWS\system32\jabovazo.dll
2008-12-11 20:17:49 ----ASH---- C:\WINDOWS\system32\yikizafe.dll
2008-12-11 06:41:11 ----ASH---- C:\WINDOWS\system32\huheliva.dll
2008-12-11 06:41:10 ----N---- C:\WINDOWS\system32\rukokazo.dll
2008-12-10 11:16:00 ----D---- C:\Program Files
2008-12-10 08:20:39 ----N---- C:\WINDOWS\system32\lubiniyo.dll
2008-12-09 23:04:11 ----D---- C:\Program Files\Common Files
2008-12-09 20:20:14 ----N---- C:\WINDOWS\system32\yosafiha.dll
2008-12-09 08:19:56 ----ASH---- C:\WINDOWS\system32\kikuvupi.dll
2008-12-09 08:19:55 ----N---- C:\WINDOWS\system32\lavisuko.dll
2008-12-08 12:09:43 ----D---- C:\Program Files\Java
2008-12-08 06:48:01 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-08 06:47:51 ----D---- C:\Program Files\Creative
2008-12-05 19:10:30 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 12:51:48 ----D---- C:\Documents and Settings\imelda leal\Application Data\Corel
2008-11-29 03:02:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-27 18:42:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-19 10:48:07 ----D---- C:\Documents and Settings\imelda leal\Application Data\U3
2008-11-17 12:16:28 ----D---- C:\Program Files\Acoustica Mixcraft 4
2008-11-16 14:32:59 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-15 21393]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-03-15 8552]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-10 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-10 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-10 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-07-10 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-09 5707744]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-12 2211456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-07-09 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-09 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a); C:\WINDOWS\system32\drivers\WOEM_3_2a.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mam4410c;mam4410c; C:\WINDOWS\System32\Drivers\mam4410c.sys [2005-06-16 24784]
S3 mam4410m;mam4410m; C:\WINDOWS\System32\Drivers\mam4410m.sys [2005-06-16 25044]
S3 mam4410u;mam4410u; C:\WINDOWS\System32\Drivers\mam4410u.sys [2007-03-19 52309]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 dldo_device;dldo_device; C:\WINDOWS\system32\dldocoms.exe [2007-10-05 595184]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 System Event Agent;System Event Agent; C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe [2007-12-08 102400]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0237151229085996mcinstcleanup;McAfee Application Installer Cleanup (0237151229085996); C:\WINDOWS\TEMP\023715~1.EXE [2008-07-09 315264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Thank you for your assistance.

Edited by Orange Blossom, 11 February 2013 - 03:07 AM.
Deactivate link. ~ OB




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:00 AM

Posted 13 December 2008 - 06:23 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post these logs in your next reply..

1. ComboFix
2. A fresh HijackThis log
3. Attach GMER report


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 latinageek

latinageek
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:00 PM

Posted 14 December 2008 - 05:10 PM

Thank you for your response. I have attached the logs requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:58 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Event Agent\bin\services .exe
C:\WINDOWS\system32\Event Agent\lsass .exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\120560~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120560~1\EE\AOLServiceHost.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\WINDOWS\system32\Event Agent\bin\smss .exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://memorial.mcallenisd.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080315
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5meen_us/122
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205605828\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028NTUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Event Agent - C:\WINDOWS\SYSTEM32\CustomEvents.dll
O23 - Service: McAfee Application Installer Cleanup (0237151229085996) (0237151229085996mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\023715~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12817 bytes

ComboFix 08-12-13.03 - imelda leal 2008-12-20 15:33:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1960 [GMT -6:00]
Running from: c:\documents and settings\imelda leal\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\abel leal\Application Data\FunWebProducts
c:\documents and settings\abel leal\Application Data\FunWebProducts\Data\abel leal\avatar.dat
c:\documents and settings\abel leal\Application Data\FunWebProducts\Data\abel leal\zbucks.dat
c:\documents and settings\imelda leal\Application Data\FunWebProducts
c:\documents and settings\imelda leal\Application Data\FunWebProducts\Data\imelda leal\avatar.dat
c:\documents and settings\imelda leal\Application Data\FunWebProducts\Data\imelda leal\register.dat
c:\documents and settings\imelda leal\Application Data\FunWebProducts\Data\imelda leal\zbucks.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\system32\~.exe
c:\windows\system32\ahifasoy.ini
c:\windows\system32\bawegojo.dll
c:\windows\system32\boniheze.dll
c:\windows\system32\dadubemu.dll
c:\windows\system32\efazikiy.ini
c:\windows\system32\gumeyesu.dll
c:\windows\system32\huheliva.dll
c:\windows\system32\inojunut.ini
c:\windows\system32\isosunoj.ini
c:\windows\system32\jabovazo.dll
c:\windows\system32\jonusosi.dll
c:\windows\system32\ki3
c:\windows\system32\kikuvupi.dll
c:\windows\system32\lavisuko.dll
c:\windows\system32\lubiniyo.dll
c:\windows\system32\okusival.ini
c:\windows\system32\onuzipiw.ini
c:\windows\system32\oyinibul.ini
c:\windows\system32\ozakokur.ini
c:\windows\system32\pidubuki.dll
c:\windows\system32\rukokazo.dll
c:\windows\system32\tapilumu.dll
c:\windows\system32\tukibazi.dll
c:\windows\system32\tunujoni.dll
c:\windows\system32\uganumoy.ini
c:\windows\system32\umebudad.ini
c:\windows\system32\useyemug.ini
c:\windows\system32\VC
c:\windows\system32\vikefuto.dll
c:\windows\system32\wipizuno.dll
c:\windows\system32\wuholove.dll
c:\windows\system32\x64
c:\windows\system32\yikizafe.dll
c:\windows\system32\yodutiti.dll
c:\windows\system32\yomunagu.dll
c:\windows\system32\yosafiha.dll
c:\windows\system32\zevigulo.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-12 17:38 . 2008-12-12 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-12 07:16 . 2008-12-12 07:16 <DIR> d-------- C:\rsit
2008-12-10 23:28 . 2008-12-20 15:39 90,112 --a------ c:\windows\system32\WOEM_3_2awoem.tmp
2008-12-10 20:11 . 2008-12-10 20:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-10 10:46 . 2008-12-10 10:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-10 10:45 . 2008-12-10 10:45 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-10 10:45 . 2008-12-10 10:45 <DIR> d-------- c:\documents and settings\imelda leal\Application Data\SUPERAntiSpyware.com
2008-12-09 23:05 . 2008-12-09 23:05 <DIR> d-------- c:\program files\Lavasoft
2008-12-09 23:05 . 2008-12-09 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 23:04 . 2008-12-10 10:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-09 22:56 . 2008-12-09 22:56 <DIR> d-------- c:\program files\Trend Micro
2008-12-08 12:10 . 2008-12-08 12:09 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-05 19:24 . 2008-12-05 19:24 <DIR> d-------- c:\windows\system32\ta
2008-12-05 19:24 . 2008-12-05 19:24 <DIR> d-------- c:\windows\system32\din
2008-12-05 19:24 . 2008-12-20 15:33 <DIR> d-------- C:\Temp
2008-12-05 19:24 . 2008-12-05 19:24 47,598 --a------ c:\windows\system32\qleyytctjqizp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 12:46 --------- d-----w c:\program files\McAfee
2008-12-08 18:09 --------- d-----w c:\program files\Java
2008-12-08 12:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 12:47 --------- d-----w c:\program files\Creative
2008-12-01 18:51 --------- d-----w c:\documents and settings\imelda leal\Application Data\Corel
2008-11-19 16:48 --------- d-----w c:\documents and settings\imelda leal\Application Data\U3
2008-11-17 18:16 --------- d-----w c:\program files\Acoustica Mixcraft 4
2008-11-16 23:26 --------- d-----w c:\program files\Common Files\SWF Studio
2008-11-12 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 01:16 0 ----a-w c:\documents and settings\imelda leal\Application Data\wklnhst.dat
2008-10-27 01:16 --------- d-----w c:\documents and settings\imelda leal\Application Data\Template
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:13 --------- d-----w c:\documents and settings\abel leal\Application Data\SealedMedia
2008-10-21 21:57 --------- d-----w c:\program files\Windows Media Connect 2
2008-04-08 13:26 156 ----a-w c:\documents and settings\abel leal\Application Data\wklnhst.dat
2008-09-19 18:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-09 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-09 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-09 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"HostManager"="c:\program files\Common Files\AOL\1205605828\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-15 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"sealmon"="c:\program files\SealedMedia\sealmon.exe" [2007-06-04 296080]
"Event Agent"="c:\windows\system32\Event Agent\bin\smss .exe" [2008-06-16 196676]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]

c:\documents and settings\imelda leal\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-03-15 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Event Agent]
2007-09-24 22:27 53248 c:\windows\system32\CustomEvents.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 2293220 (0x22fde4)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1205605828\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\Wireless\\dldowpss.exe"=
"c:\\WINDOWS\\system32\\dldocfg.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldowbgw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\WINDOWS\\system32\\Event Agent\\Bin\\services .exe"=
"c:\\WINDOWS\\system32\\Event Agent\\Bin\\spoolsv .exe"=
"c:\\WINDOWS\\system32\\Event Agent\\lite.exe"=
"c:\\WINDOWS\\system32\\Event Agent\\Bin\\smss .exe"=
"c:\\WINDOWS\\system32\\Event Agent\\Bin\\EventAgentRegistry.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service []
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 System Event Agent;System Event Agent;c:\windows\system32\Event Agent\bin\spoolsv .exe [2007-12-08 102400]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-15 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-15 7424]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\WOEM_3_2a.sys []
S2 0237151229085996mcinstcleanup;McAfee Application Installer Cleanup (0237151229085996);c:\windows\TEMP\023715~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 mam4410c;mam4410c;c:\windows\system32\Drivers\mam4410c.sys [2008-07-30 24784]
S3 mam4410m;mam4410m;c:\windows\system32\Drivers\mam4410m.sys [2008-07-30 25044]
S3 mam4410u;mam4410u;c:\windows\system32\Drivers\mam4410u.sys [2008-07-30 52309]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4240-b435-11dd-a5da-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4241-b435-11dd-a5da-00038a000015}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4246-b435-11dd-a5da-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4248-b435-11dd-a5da-00038a000015}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da54ff30-0139-11dd-a576-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f91a9de5-a40f-11dd-a5d8-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - 0237151229085996MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2008-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d8fdbe0c-47c2-4b4e-b6e8-e0192572330a} - c:\windows\system32\wuholove.dll
HKLM-Run-bezavojate - c:\windows\system32\towiyaha.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://memorial.mcallenisd.org/
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm028NTUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\imelda leal\Application Data\Mozilla\Firefox\Profiles\1iaqq5tq.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 15:43:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\CustomEvents.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe
c:\windows\system32\dldocoms.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\Event Agent\Bin\services .exe
c:\windows\system32\Event Agent\lsass .exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\COMMON~1\AOL\120560~1\EE\AOLServiceHost.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-12-20 15:47:55 - machine was rebooted [imelda leal]
ComboFix-quarantined-files.txt 2008-12-20 21:47:51

Pre-Run: 221,211,590,656 bytes free
Post-Run: 221,481,476,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

302 --- E O F --- 2008-11-12 19:17:36

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 15:59:21
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA77E49AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA77E4A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA77E4958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA77E496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA77E4A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA77E4A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA77E4AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA77E4AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA77E49EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA77E4B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA77E4A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA77E4930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA77E4944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA77E49BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA77E4B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA77E4AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA77E4AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA77E4A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA77E4B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA77E4B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA77E4996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA77E4982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA77E4A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA77E4A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA77E4B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA77E4A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA77E49D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A77E49D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A77E49AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A77E49EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A77E4A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A77E49C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A77E4934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A77E4948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A77E4986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A77E4970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A77E495C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A77E499A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A77E4A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219CA 7 Bytes JMP A77E4AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP A77E4A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622042 7 Bytes JMP A77E4B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228E0 7 Bytes JMP A77E4AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A77E4A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP A77E4A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A77E4A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP A77E4A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 7 Bytes JMP A77E4AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062423C 7 Bytes JMP A77E4ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP A77E4A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624E8A 7 Bytes JMP A77E4B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062514A 5 Bytes JMP A77E4B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062583E 5 Bytes JMP A77E4B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625958 5 Bytes JMP A77E4B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Combo-Fix.sys The system cannot find the file specified. !
? system32\drivers\WOEM_3_2a.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[224] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[552] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00DB6CC0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 00DB98D0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00DB6E30 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB6200 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 00DB94F0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 00DB77B0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!OpenFileMappingW 7C80BB6A 5 Bytes JMP 00DB97B0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!DuplicateHandle 7C80DE8E 5 Bytes JMP 00DB93A0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 00DB8FE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindClose 7C80EE67 5 Bytes JMP 00DB9100 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindFirstFileW 7C80EF71 5 Bytes JMP 00DB8EE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindNextFileW 7C80EFCA 5 Bytes JMP 00DB91E0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB6750 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileSize 7C810B07 5 Bytes JMP 00DB7530 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!SetFilePointer 7C810C1E 5 Bytes JMP 00DB73E0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!WriteFile 7C810E17 5 Bytes JMP 00DB70B0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileType 7C810EE1 5 Bytes JMP 00DB7B40 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 00DB7820 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileAttributesA 7C8115CC 5 Bytes JMP 00DB7730 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FlushFileBuffers 7C8126D1 5 Bytes JMP 00DB7360 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindFirstFileA 7C813869 2 Bytes JMP 00DB8DE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindFirstFileA + 3 7C81386C 2 Bytes [ 5A, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00DB8380 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00DB7CE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00DB7EF0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetFileTime 7C831C35 5 Bytes JMP 00DB7920 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!SetFileTime 7C831CA8 5 Bytes JMP 00DB7A30 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 00DB89B0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00DB8AF0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!SetEndOfFile 7C83205E 2 Bytes JMP 00DB7610 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!SetEndOfFile + 3 7C832061 2 Bytes [ 58, 84 ]
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!UnlockFile 7C8322D4 5 Bytes JMP 00DB7C50 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!LockFile 7C832379 5 Bytes JMP 00DB7BC0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!FindNextFileA 7C834EC9 5 Bytes JMP 00DB9170 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!_hread 7C8353E6 5 Bytes JMP 00DB8C30 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!_llseek 7C83541E 5 Bytes JMP 00DB8D50 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 00DB8600 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!GetShortPathNameA 7C835BC8 5 Bytes JMP 00DB9250 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00DB8100 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!ReplaceFile 7C836C54 5 Bytes JMP 00DB8890 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] kernel32.dll!_hwrite 7C838AFF 5 Bytes JMP 00DB8CC0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00DB5530 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00DB4FD0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!StretchBlt 77F1B6C0 5 Bytes JMP 00DB5370 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00DB5170 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00DB4AB0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00DB4C90 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!CopyEnhMetaFileW 77F278EE 5 Bytes JMP 00DB5FF0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!CopyMetaFileW 77F2832E 5 Bytes JMP 00DB5DE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!CopyMetaFileA 77F285F2 5 Bytes JMP 00DB5950 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!GetMetaFileW 77F382E7 5 Bytes JMP 00DB5B60 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!GetEnhMetaFileW 77F3954D 5 Bytes JMP 00DB5CA0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!GetMetaFileA 77F43F49 5 Bytes JMP 00DB56D0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!StartDocW 77F45695 5 Bytes JMP 00DBAB00 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!StartDocA 77F45BA9 5 Bytes JMP 00DBAA30 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] GDI32.dll!GetEnhMetaFileA 77F4AB05 5 Bytes JMP 00DB5810 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00DB54B0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00DB4E70 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00DB4F60 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00DB5600 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00DB4EE0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[552] ole32.dll!DoDragDrop 775D0B6D 5 Bytes JMP 00DB99D0 C:\Program Files\SealedMedia\SEALNT.DLL (SealedMedia Library/Oracle Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B005D
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F68
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F79
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0089
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0078
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F0B
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00A4
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0EFA
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B0F4D
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B0FA5
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[936] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B0F26
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0F72
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0F83
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B0025
.text C:\WINDOWS\system32\wuauclt.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B0F9E
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0007006E
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700DC
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700CB
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0007010B
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F68
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F4D
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00070F79
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00060069
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060058
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00060047
.text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0006002C
.text C:\WINDOWS\system32\services.exe[1016] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DF0F7C
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DF0F97
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF0065
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DF004A
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DF0FB2
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DF00AE
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DF009D
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DF00DA
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DF0F41
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DF0F30
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DF0039
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DF008C
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DF0FCD
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DF0FDE
.text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DF00C9
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DE0051
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DE0FAF
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DE0036
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DE0025
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DE0076
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00DE0FD4
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ FE, 88 ]
.text C:\WINDOWS\system32\lsass.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DE0FE5
.text C:\WINDOWS\system32\lsass.exe[1028] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F8A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C2007F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20062
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20FAF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F4D
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F68
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200C1
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200B0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C200D2
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F79
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FDB
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C20F32
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C10F83
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C1004A
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ E1, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B20098
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B20087
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20FAF
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B2006C
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B20F50
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B20F77
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B20F13
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20F24
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B200C7
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B2005B
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B20F92
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B20FDB
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B20022
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B20F35
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B10025
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B10F72
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B10FD4
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B10F8D
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B10FA8
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ D1, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B10FB9
.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20F6D
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F88
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D2006C
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20051
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D20098
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F50
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D20F2B
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D200C4
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D200D5
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D20040
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D2001B
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D2007D
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D20FD4
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D20FE5
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D200A9
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D1006C
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F1, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D10FC0
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03660000
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03660F4B
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03660F5C
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03660F77
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03660040
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0366002F
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03660EFF
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03660051
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03660EB8
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03660ED3
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0366006C
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03660F9E
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03660FE5
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03660F30
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03660FB9
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03660FCA
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03660EEE
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 028C0FE5
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 028C0091
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 028C0036
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 028C001B
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 028C0FCA
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 028C000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 028C006C
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 028C0051
.text C:\WINDOWS\System32\svchost.exe[1392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 028A0FE5
.text C:\WINDOWS\System32\svchost.exe[1392] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\System32\svchost.exe[1392] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 028D0000
.text C:\WINDOWS\System32\svchost.exe[1392] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 028D0011
.text C:\WINDOWS\System32\svchost.exe[1392] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 028D0FC0
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007F00A4
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007F0FB9
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007F0093
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007F0FCA
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007F0F6F
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007F0F8A
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007F0F28
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007F0F4D
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007F0F17
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007F006C
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007F00B5
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007F0051
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007F0036
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007F0F5E
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007E001E
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007E006F
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007E0FD4
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007E005E
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 007E0043
.text C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007E0FB2
.text C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30F79
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E30078
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E30F3A
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E30F4B
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E300D3
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E300AE
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E30F1F
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E30F68
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E3009D
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E10FCA
.text C:\WINDOWS\system32\svchost.exe[1684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DF0000
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E20025
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B007F
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0064
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F4A
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F65
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00BE
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00AD
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001B0F0A
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001B0090
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[2696] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001B0F2F
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002B0F79
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002B0F94
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 002B0036
.text C:\WINDOWS\system32\wuauclt.exe[2696] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002B0FAF
.text C:\WINDOWS\system32\wuauclt.exe[2696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003C0000
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A007B
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0060
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F86
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0039
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0014
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F44
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F55
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F11
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F22
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0EF6
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0F97
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A008C
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\explorer.exe[4804] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F33
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FC0
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290F8A
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FDB
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290047
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FA5
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\explorer.exe[4804] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290022
.text C:\WINDOWS\explorer.exe[4804] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 002C0000
.text C:\WINDOWS\explorer.exe[4804] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 002C0025
.text C:\WINDOWS\explorer.exe[4804] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 002C0036
.text C:\WINDOWS\explorer.exe[4804] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 002C0051
.text C:\WINDOWS\explorer.exe[4804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01630000
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F68
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F79
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F94
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F46
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0082
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00BA
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00A9
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A00D5
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0F57
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A001B
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[5284] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290058
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290047
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 49, 88 ]
.text C:\WINDOWS\System32\svchost.exe[5284] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[5284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00B17D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[808] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00B17CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A56D4D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32@ c:\windows\system32\jabovazo.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32@ThreadingModel Both

---- EOF - GMER 1.0.14 ----

#4 fenzodahl512

Posted 15 December 2008 - 03:15 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box and press Enter.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\qleyytctjqizp.exe
c:\documents and settings\abel leal\Application Data\wklnhst.dat

Folder::
c:\windows\system32\ta
c:\windows\system32\din

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4240-b435-11dd-a5da-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4241-b435-11dd-a5da-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4246-b435-11dd-a5da-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d96c4248-b435-11dd-a5da-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da54ff30-0139-11dd-a576-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f91a9de5-a40f-11dd-a5d8-00038a000015}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

Posted 23 December 2008 - 02:01 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
