
Infected with Generic.dx (on WinXP)


This topic is locked
15 replies to this topic

#1 Mr. Paul

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 29 April 2009 - 10:07 PM

McAfee detected Generic.dx and deleted it (several times). Now, however, my browser(s) -- IE 8 and Firefox 3 -- are hijacked and go to different locations when hyperlinks are clicked. The colorful "Google" logo only half appears (an indication that things are not 'normal'). When I click a link inside an e-mail message (in Microsoft Outlook 2000), a majority of the time it will start to open a browser window, then lock up the entire machine. I attempted System Restore, but clicking the 'Next' button to initiate it did nothing. I turned System Restore off and ran McAfee Scan again. Nothing. I attempted to install Spybot -- no can do. I ran McAfee Scan in Safe Mode but it didn't detect anything.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Paul at 21:50:38.62 on Wed 04/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2154 [GMT -5:00]

AV: Total Protection Service *On-access scanning enabled* (Updated)
FW: Total Protection Service *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = file:///C:/Stuff/Web%20Pages/HomePage.html
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [reupdate] "c:\targus\acp60\reupdate.exe" "c:\targus\acp60\txexvga.inf" "pci\VEN_18CA&DEV_0020"
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 ultimate\5.0\CPMonitor.exe"
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
StartupFolder: c:\docume~1\paul\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233170336703
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.159,85.255.112.16
TCP: {2EFC4CF0-6739-42C1-8F05-DA85081767B9} = 85.255.112.159,85.255.112.16
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.752.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\3n2gfyon.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Stuff/Web%20Pages/HomePage.html
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-3-22 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-3-22 15856]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-22 213768]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-3-22 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-8-1 125424]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2009-1-22 14144]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-1-22 540776]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2009-1-22 175704]
R3 McShield;McShield;c:\program files\mcafee\managed virusscan\vscan\McShield.exe [2009-1-22 144704]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2009-1-22 79880]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2009-1-22 35272]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-1-22 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-1-22 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-1-22 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-1-22 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-1-22 235840]
S2 gupdate1c9a277d130b6b6;Google Update Service (gupdate1c9a277d130b6b6);c:\program files\google\update\GoogleUpdate.exe [2009-3-11 133104]
S2 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\drivers\RioUsb.sys [2009-3-28 15152]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-22 30192]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2009-1-22 34216]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]

=============== Created Last 30 ================

2009-04-28 08:18 13,030 a------- C:\PDOXUSRS.NET
2009-04-26 18:57 <DIR> --d----- c:\docume~1\paul\applic~1\ScanSpyware
2009-04-26 18:56 <DIR> --d----- c:\program files\Exterminate It!
2009-04-26 12:12 34 a------- c:\windows\hpfsched.ini
2009-04-26 12:10 <DIR> --d----- c:\program files\HP Photosmart 11
2009-04-26 11:47 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-26 11:47 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-26 11:47 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-26 11:47 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-26 00:37 <DIR> --d----- c:\program files\epson
2009-04-26 00:37 33,280 a------- c:\windows\system32\esccm.dll
2009-04-26 00:37 29,696 a------- c:\windows\system32\escwiab.dll
2009-04-26 00:37 27,648 a------- c:\windows\system32\escimg.dll
2009-04-26 00:37 <DIR> --d----- C:\EPSON
2009-04-25 10:06 10 a------- c:\windows\system32\kr_done1
2009-04-25 09:51 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-25 09:45 <DIR> --d----- c:\program files\Sony Setup
2009-04-25 09:25 266,360 a------- c:\windows\system32\TweakUI.exe
2009-04-25 09:25 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-04-17 17:31 <DIR> --d----- C:\CFTview
2009-04-16 05:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 05:08 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 22:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 11:37 <DIR> --d----- c:\program files\Sony

==================== Find3M ====================

2009-03-28 08:35 167,424 a------- c:\windows\system32\SpoonUninstall.exe
2009-03-28 08:35 2,519 a------- c:\windows\system32\SpoonUninstall-dMC SPA Rio 500 Driver.dat
2009-03-28 08:30 8,762 a------- c:\windows\system32\SpoonUninstall-dMC Sveta Portable Audio.dat
2009-03-28 08:29 11,367 a------- c:\windows\system32\SpoonUninstall-dMC Power Pack.dat
2009-03-28 08:29 21,205 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-03-25 08:45 167 a------- c:\documents and settings\paul\udownload.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:24 55,208 a------- c:\windows\system32\drivers\mfetdik.sys
2009-03-03 12:24 34,216 a------- c:\windows\system32\drivers\MfeRKDK.sys
2009-03-03 12:23 213,768 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-03 12:23 35,272 a------- c:\windows\system32\drivers\MfeBOPK.sys
2009-03-03 12:23 79,880 a------- c:\windows\system32\drivers\MfeAVFK.sys
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-22 18:50 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 21:50:59.06 ===============

Attached Files
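The DDS report above records which resolvers the machine is using (the "TCP: NameServer" line and the per-interface "TCP: {GUID}" line), and with browser-redirect symptoms those are among the first settings a helper compares against the resolvers the machine should actually be using. The script below is an added example, not part of the thread or of DDS: it parses those lines out of the pseudo HJT section and flags any resolver that is neither private nor on an allow-list. The allow-list is a placeholder assumption, since the thread does not say what the user's ISP or router resolvers are.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the relevant lines exactly as they appear in the DDS
# report posted in the thread, plus neighbours that must be ignored.
SAMPLE_REPORT = """\
============== Pseudo HJT Report ===============

uStart Page = file:///C:/Stuff/Web%20Pages/HomePage.html
TCP: NameServer = 85.255.112.159,85.255.112.16
TCP: {2EFC4CF0-6739-42C1-8F05-DA85081767B9} = 85.255.112.159,85.255.112.16
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\\program files\\mcafee\\managed
"""

# Placeholder allow-list (assumption): the resolvers this machine is expected to
# use, e.g. the home router or the ISP's servers. The thread does not give them.
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.1"}

# Matches "TCP: NameServer = a,b" and the per-interface "TCP: {GUID} = a,b" form.
TCP_LINE = re.compile(
    r"^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>.+)$"
)


def parse_nameservers(report: str) -> Dict[str, List[str]]:
    """Return {key: [resolver, ...]} for every TCP: line in the report."""
    found: Dict[str, List[str]] = {}
    for raw in report.splitlines():
        m = TCP_LINE.match(raw.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        found[m.group("key")] = servers
    return found


def is_expected(server: str, allow: Set[str] = EXPECTED_RESOLVERS) -> bool:
    """True if the resolver is allow-listed or is a private/link-local address.

    A value that is not an IP literal at all is treated as unexpected so it gets
    a human look rather than silently passing.
    """
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False
    return server in allow or ip.is_private or ip.is_link_local


def flag_unexpected(report: str, allow: Set[str] = EXPECTED_RESOLVERS) -> List[Tuple[str, str]]:
    """List (key, resolver) pairs whose resolver is not one the machine should use."""
    flagged: List[Tuple[str, str]] = []
    for key, servers in parse_nameservers(report).items():
        for s in servers:
            if not is_expected(s, allow):
                flagged.append((key, s))
    return flagged


if __name__ == "__main__":
    for key, server in flag_unexpected(SAMPLE_REPORT):
        print(f"review: resolver {server} is set under {key} and is not an expected resolver")
```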





#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:36 PM

Posted 30 April 2009 - 12:58 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Mr. Paul
  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 03 May 2009 - 08:04 AM

Hi Sam... thanks for helping me out. :thumbup2:

OTListIt logfile created on: 5/2/2009 4:02:46 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.94 Gb Available in Paging File | 98.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 166.26 Gb Free Space | 74.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 114.49 Gb Total Space | 4.60 Gb Free Space | 4.02% Space Free | Partition Type: NTFS
Drive G: | 1.96 Gb Total Space | 0.24 Gb Free Space | 12.31% Space Free | Partition Type: FAT32
Drive H: | 25.98 Gb Total Space | 4.96 Gb Free Space | 19.07% Space Free | Partition Type: FAT32
Drive I: | 16.05 Gb Total Space | 0.77 Gb Free Space | 4.78% Space Free | Partition Type: FAT32

Computer Name: PAULWSCHULTZ
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/06/29 21:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2008/06/29 21:42:14 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/03/11 13:33:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/21 16:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/02/21 16:21:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/02/21 19:06:34 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/21 19:06:20 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/02/21 19:06:24 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/07/16 16:32:06 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
PRC - [2008/02/21 16:24:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/14 22:17:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/02/21 19:06:34 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/07/27 17:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2008/06/29 21:42:40 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2008/02/22 13:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2008/02/21 16:25:06 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2009/01/22 18:54:06 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/02/21 16:24:54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2009/04/10 12:29:08 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/01/06 14:07:25 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2008/08/14 01:04:42 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/19 21:35:14 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/04/20 10:10:48 | 00,084,464 | ---- | M] () -- C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
PRC - [2006/01/06 14:07:25 | 00,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/01/22 18:54:04 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/01/09 20:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 21:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/08/01 11:59:26 | 00,125,424 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/03 12:21:36 | 00,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/04/14 22:17:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/02/13 13:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/05/23 16:30:32 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/04/13 01:50:54 | 00,175,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\DRIVERS\o2flash.exe
PRC - [2008/08/14 01:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/03/03 12:23:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2002/06/07 16:29:59 | 00,061,490 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/13 01:54:38 | 00,251,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
PRC - [2002/06/26 03:57:36 | 01,917,002 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\FRONTPG.EXE
PRC - [2001/02/20 13:48:40 | 13,840,384 | ---- | M] (Adobe Systems, Incorporated) -- C:\Apps\Adobe Photoshop 6.0\Photoshp.exe
PRC - [2009/04/10 12:30:40 | 01,435,488 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
PRC - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/02 16:01:53 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/08/01 11:59:26 | 00,125,424 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/03 12:21:36 | 00,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer [Auto | Running])
SRV - [2009/01/22 18:52:57 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
SRV - [2009/01/22 18:54:06 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
SRV - [2009/03/11 13:33:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a277d130b6b6 [Auto | Stopped])
SRV - [2009/02/11 13:22:57 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 07:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/04/14 22:17:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/02/13 13:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service [Auto | Running])
SRV - [2009/03/03 12:23:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield [On_Demand | Running])
SRV - [2007/05/23 16:30:32 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/04/13 01:50:54 | 00,175,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\DRIVERS\o2flash.exe -- (O2FLASH [Auto | Running])
SRV - [2006/01/06 14:07:26 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\HPHipm11.exe -- (Pml Driver HPH11 [On_Demand | Stopped])
SRV - [2008/08/14 00:25:20 | 00,313,840 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11 [On_Demand | Stopped])
SRV - [2008/08/14 00:25:24 | 00,367,088 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11 [Auto | Stopped])
SRV - [2008/08/14 00:24:06 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11 [Auto | Stopped])
SRV - [2009/01/09 07:46:25 | 01,122,304 | R--- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11 [On_Demand | Stopped])
SRV - [2008/08/14 00:24:02 | 00,170,480 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11 [Auto | Stopped])
SRV - [2008/08/14 01:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Running])
SRV - [2008/06/29 21:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 07:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/02/21 16:24:52 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/05/27 10:45:40 | 00,017,920 | ---- | M] (ASIX Electronics Corp.) -- C:\WINDOWS\system32\DRIVERS\ax88772.sys -- (AX88772 [On_Demand | Stopped])
DRV - [2008/06/29 21:42:26 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2005/07/20 15:26:02 | 01,390,656 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau [On_Demand | Running])
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2007/07/23 16:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2007/07/23 16:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2007/07/23 15:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
DRV - [2007/07/23 16:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2007/07/23 16:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2007/07/23 16:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2007/07/23 16:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2007/07/23 15:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2007/07/23 16:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2007/07/23 16:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/01/06 14:07:26 | 00,050,896 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphid411.sys -- (Dot4 HPH11 [On_Demand | Running])
DRV - [2006/01/06 14:07:27 | 00,016,112 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\hphipr11.sys -- (Dot4Print HPH11 [On_Demand | Running])
DRV - [2006/01/06 14:07:27 | 00,018,928 | ---- | M] (HP) -- C:\WINDOWS\System32\drivers\hphius11.sys -- (Dot4Usb HPH11 [On_Demand | Running])
DRV - [2007/07/23 15:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2007/07/23 15:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/04/25 18:09:32 | 00,005,248 | ---- | M] () -- C:\Program Files\RIOsitude\giveio.sys -- (giveio [On_Demand | Stopped])
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/02/21 19:06:38 | 05,776,928 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/03/17 16:54:30 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/02/21 16:21:58 | 04,625,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/03/03 12:23:30 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys -- (MfeAVFK [On_Demand | Running])
DRV - [2009/03/03 12:23:36 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys -- (MfeBOPK [On_Demand | Running])
DRV - [2009/03/03 12:23:54 | 00,213,768 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/03 12:24:24 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys -- (MfeRKDK [On_Demand | Stopped])
DRV - [2009/03/03 12:24:42 | 00,055,208 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2007/03/02 15:16:52 | 00,109,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/08/26 19:39:42 | 00,051,288 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR [On_Demand | Running])
DRV - [2008/08/26 19:39:48 | 00,043,608 | ---- | M] (O2Micro ) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR [On_Demand | Running])
DRV - [2008/07/16 16:32:00 | 00,141,376 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\Drivers\OEM13Afx.sys -- (OEM13Afx [On_Demand | Running])
DRV - [2008/07/16 16:32:10 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys -- (OEM13Vfx [On_Demand | Running])
DRV - [2008/07/16 16:32:12 | 00,235,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys -- (OEM13Vid [On_Demand | Running])
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/16 03:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [1999/10/27 13:29:00 | 00,015,152 | R--- | M] (RioPort.Com) -- C:\WINDOWS\System32\Drivers\RioUsb.sys -- (RIOUSB [Auto | Stopped])
DRV - [2008/02/21 19:28:14 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008/08/11 10:53:22 | 00,057,328 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys -- (RxFilter [Disabled | Stopped])
DRV - [2008/08/01 01:00:00 | 00,020,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32 [Boot | Running])
DRV - [2008/08/01 01:00:00 | 00,015,856 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32 [Boot | Running])
DRV - [2008/08/01 01:00:00 | 00,025,584 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\SaibVd32.sys -- (SaibVd32 [System | Running])
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/06/28 13:08:56 | 00,042,752 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Running])
DRV - [2008/04/14 07:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090123
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Stuff/Web%20Pages/HomePage.html
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\S-1-5-21-1003601255-638443307-678660427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1003601255-638443307-678660427-1006\S-1-5-21-1003601255-638443307-678660427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "file:///C:/Stuff/Web%20Pages/HomePage.html"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/28 14:43:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/14 22:17:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 20:53:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 20:53:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/02/13 04:49:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2009/01/28 12:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions
[2009/01/28 12:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/30 07:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\3n2gfyon.default\extensions
[2009/02/11 09:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\3n2gfyon.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/04/30 07:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 20:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/14 22:17:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 20:53:17 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 20:53:17 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1003601255-638443307-678660427-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1003601255-638443307-678660427-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [reupdate] "C:\Targus\ACP60\reupdate.exe" "c:\Targus\Acp60\TXEXVGA.inf" "PCI\VEN_18CA&DEV_0020" File not found
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKU\S-1-5-21-1003601255-638443307-678660427-1006..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1003601255-638443307-678660427-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1003601255-638443307-678660427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1233170336703 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.159,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2EFC4CF0-6739-42C1-8F05-DA85081767B9}\\NameServer = 85.255.112.159,85.255.112.16
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.752.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/29 06:46:10 | 00,000,943 | ---- | M] () - G:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2003/09/05 23:31:08 | 00,000,767 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/12/11 11:00:56 | 00,000,603 | ---- | M] () - G:\autoexec.nai -- [ FAT32 ]
O32 - AutoRun File - [2003/09/05 19:55:36 | 00,000,738 | ---- | M] () - G:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/02 16:03:21 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\u13tox69.exe
[2009/05/02 16:01:53 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe
[2009/05/02 11:37:11 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to stcd.lnk
[2009/05/02 06:59:25 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2009/05/02 06:59:23 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/05/01 21:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\The-Trades - TRANSFER
[2009/04/29 21:50:28 | 00,360,021 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\dds.scr
[2009/04/29 17:57:41 | 00,000,000 | ---D | C] -- C:\Documents\My Disc Gallery
[2009/04/29 07:19:15 | 32,111,86176 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/28 08:18:51 | 00,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2009/04/27 07:45:05 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Sound Forge Audio Studio 9.0.lnk
[2009/04/26 18:57:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ScanSpyware
[2009/04/26 18:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/04/26 12:12:15 | 00,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/04/26 12:10:38 | 00,000,000 | ---D | C] -- C:\Program Files\HP Photosmart 11
[2009/04/26 11:47:07 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/04/26 11:47:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/04/26 11:47:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/04/26 11:47:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/04/26 00:37:49 | 00,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2009/04/26 00:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\epson
[2009/04/26 00:37:48 | 00,033,280 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccm.dll
[2009/04/26 00:37:48 | 00,029,696 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiab.dll
[2009/04/26 00:37:48 | 00,027,648 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimg.dll
[2009/04/26 00:37:34 | 00,000,000 | ---D | C] -- C:\EPSON
[2009/04/25 10:06:46 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
[2009/04/25 09:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Publish Providers
[2009/04/25 09:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/04/25 09:45:22 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/04/25 09:25:13 | 00,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2009/04/25 09:25:13 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2009/04/17 17:31:58 | 00,000,000 | ---D | C] -- C:\CFTview
[2009/04/16 05:09:22 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 05:09:21 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 05:09:21 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 05:09:21 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 05:09:21 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 05:09:21 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 05:09:20 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 05:09:20 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 05:09:20 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 05:09:20 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 05:08:54 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 05:08:53 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 06:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\APRIL
[2009/04/11 11:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Sony
[2009/04/11 11:37:51 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/04/11 10:33:51 | 00,000,195 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Rousers on 2May2009 at Majestic Theater.url
[2009/04/09 23:15:48 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/09 23:15:48 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/04/09 23:15:47 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/04/09 23:15:47 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/09 23:15:47 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/04/09 23:15:47 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/09 23:15:47 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/09 23:15:47 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/04/09 23:15:47 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/04/09 23:15:47 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/09 23:15:47 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/04/09 23:15:47 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/09 23:15:47 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/04/09 23:15:47 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/04/09 23:15:45 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/09 23:15:43 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/04/09 23:15:43 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/09 23:15:43 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/04/09 23:15:43 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/04/09 23:15:43 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/04/09 23:15:43 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/04/09 23:15:43 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/09 23:15:43 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/04/09 23:15:43 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/09 23:15:43 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/04/09 23:15:43 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/04/09 23:15:43 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/04/09 23:15:43 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/04/09 23:15:43 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/04/09 23:15:43 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/04/09 23:15:43 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/04/09 23:15:43 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/04/09 23:15:43 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/04/09 23:15:43 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/04/09 23:15:43 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/04/09 23:15:43 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/04/09 23:15:43 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/04/09 23:15:43 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/04/09 23:15:42 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/04/09 23:15:41 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/09 23:15:41 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/04/09 23:15:41 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/04/09 23:15:41 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/09 23:15:41 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/04/09 23:15:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/04/09 23:15:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/04/09 23:15:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/09 23:15:41 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/09 23:15:41 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/09 23:15:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2009/04/09 23:15:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/09 23:15:40 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/09 23:15:40 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/09 23:15:40 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/04/09 23:15:40 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/04/09 23:15:40 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/09 23:15:37 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/09 23:15:37 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/04/09 23:15:37 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/09 23:15:37 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/04/09 23:15:36 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/09 23:15:36 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/04/09 23:15:36 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/09 23:15:36 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/09 23:15:36 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/09 23:15:36 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2009/04/09 23:15:36 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/09 23:15:36 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/09 23:15:36 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2009/04/09 23:15:36 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/09 23:15:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2009/04/09 23:15:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/09 23:15:36 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2009/04/09 23:15:36 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/09 23:15:32 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/04/09 23:15:32 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/04/09 23:15:30 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/09 23:15:30 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/04/09 23:15:30 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/09 23:15:30 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/04/09 23:15:30 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/09 23:15:30 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/04/09 23:15:29 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/04/09 23:15:29 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/04/09 23:15:29 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/09 23:15:29 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/04/09 23:15:29 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/09 23:15:29 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/04/09 23:15:29 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/09 23:15:29 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/04/09 23:15:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/09 23:15:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/09 23:15:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/04/09 23:15:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/04/09 23:15:29 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/04/09 23:15:29 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/09 23:15:29 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/04/09 23:15:29 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2009/04/09 23:15:29 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2009/04/09 23:15:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/04/09 23:15:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2009/04/09 23:15:27 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/04/09 23:15:27 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/04/09 23:15:27 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/04/09 23:15:27 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/04/09 23:15:27 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/04/09 23:15:27 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/04/09 23:15:27 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/04/09 23:15:27 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/04/09 23:15:27 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/04/09 23:15:27 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/04/09 23:15:27 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/04/09 23:15:27 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/04/09 23:15:27 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/04/09 23:15:27 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/04/09 23:15:27 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/04/09 23:15:27 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/04/09 23:15:27 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/04/09 23:15:27 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/04/09 23:15:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/04/09 23:15:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/04/09 23:15:27 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/04/09 23:15:27 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/04/09 23:15:27 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/04/09 23:15:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/04/09 23:15:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/04/09 23:15:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2009/04/09 23:15:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/04/09 23:15:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/04/09 23:15:27 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/04/09 23:15:26 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/04/09 23:15:25 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2009/04/09 23:15:25 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/04/09 23:15:25 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2009/04/09 23:15:25 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/04/09 23:15:25 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/04/09 23:15:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2009/04/09 23:15:25 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/04/09 23:15:25 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/04/09 23:15:25 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/04/09 23:15:25 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/04/09 23:15:24 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/04/09 23:15:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/04/09 23:15:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/04/09 23:15:24 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/04/09 23:15:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2009/04/09 23:15:24 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2009/04/09 23:15:23 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/04/09 23:15:22 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/04/09 23:15:22 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/04/09 23:15:22 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/04/09 23:15:22 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/04/09 23:15:22 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/04/09 23:15:22 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/04/09 23:15:22 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/04/09 23:15:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2009/04/09 23:15:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2009/04/09 23:15:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2009/04/09 23:15:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2009/04/09 23:15:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2009/04/09 23:15:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2009/04/09 23:15:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2009/04/09 23:15:21 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/04/09 23:15:21 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/04/09 23:15:21 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/04/09 23:15:21 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/04/09 23:15:21 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/04/09 23:15:21 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/04/09 23:15:21 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/04/09 23:15:21 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/04/09 23:15:21 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/04/09 23:15:21 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/04/09 23:15:21 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/04/09 23:15:21 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/04/09 23:15:20 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/04/09 23:15:20 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/04/09 23:15:20 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/04/09 23:15:20 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/04/09 23:15:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/04/09 23:15:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/04/09 23:15:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/04/09 23:15:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/04/09 23:15:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009/04/09 23:15:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/04/09 23:15:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/04/09 23:15:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/04/04 13:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\The-Trades - NEWER
[2009/02/15 21:47:04 | 00,005,874 | ---- | C] () -- C:\WINDOWS\GWSPRO.INI
[2009/02/01 02:29:43 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2009/01/28 14:16:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/28 12:56:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2009/01/22 20:41:11 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/01/22 20:41:11 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/01/22 20:41:11 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/01/22 20:40:12 | 00,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/22 18:58:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/22 18:53:52 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/22 18:51:03 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/01/22 18:51:02 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 16:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/25 11:16:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/30 15:07:46 | 00,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[1999/01/22 08:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/02 16:03:21 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\u13tox69.exe
[2009/05/02 16:01:53 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTListIt2.exe
[2009/05/02 15:59:18 | 00,019,623 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/02 14:59:02 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2009/05/02 14:59:02 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/05/02 11:37:11 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to stcd.lnk
[2009/05/02 07:03:25 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/02 07:03:25 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/02 07:03:25 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/02 06:59:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/02 06:59:05 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/02 06:59:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\desktop.ini
[2009/05/02 06:59:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/02 06:59:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/02 06:58:58 | 32,111,86176 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/30 07:46:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2009/04/29 21:50:29 | 00,360,021 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\dds.scr
[2009/04/28 08:28:17 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/04/27 07:45:05 | 00,001,846 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Sound Forge Audio Studio 9.0.lnk
[2009/04/26 14:05:27 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2009/04/26 12:14:11 | 00,000,562 | ---- | M] () -- C:\hpfr5550.xml
[2009/04/26 12:12:15 | 00,000,034 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
[2009/04/26 00:37:49 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2009/04/25 10:06:46 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2009/04/24 16:28:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/22 18:38:13 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/04/16 05:17:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/13 15:09:38 | 00,000,436 | ---- | M] () -- C:\WINDOWS\System\CMCNFGU.INI
[2009/04/13 14:26:14 | 00,000,195 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Rousers on 2May2009 at Majestic Theater.url
[2009/04/11 21:28:44 | 00,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/10 11:34:06 | 00,005,874 | ---- | M] () -- C:\WINDOWS\GWSPRO.INI
[2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Paul\Desktop\Rousers on 2May2009 at Majestic Theater.url:favicon
< End of report >

#4 Mr. Paul

Mr. Paul
  • Topic Starter
  • Members
  • 15 posts

Posted 03 May 2009 - 08:07 AM

OTListIt Extras logfile created on: 5/2/2009 4:02:46 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.94 Gb Available in Paging File | 98.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 166.26 Gb Free Space | 74.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 114.49 Gb Total Space | 4.60 Gb Free Space | 4.02% Space Free | Partition Type: NTFS
Drive G: | 1.96 Gb Total Space | 0.24 Gb Free Space | 12.31% Space Free | Partition Type: FAT32
Drive H: | 25.98 Gb Total Space | 4.96 Gb Free Space | 19.07% Space Free | Partition Type: FAT32
Drive I: | 16.05 Gb Total Space | 0.77 Gb Free Space | 4.78% Space Free | Partition Type: FAT32

Computer Name: PAULWSCHULTZ
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/04/13 01:50:54 | 00,175,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
[2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/04/13 01:50:54 | 00,175,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
[2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/01/29 21:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
[2008/03/31 20:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
[2008/03/27 20:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{09DE0FAC-D71C-47ED-A2C7-EFE920D5B36C}" = BIAS SoundSoap SE 2.1.3
"{09EA3E66-F60C-45EF-9C16-6CA2262E21C4}" = Roxio Creator 2009 Ultimate
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}" = Microsoft Office HTML Filter 2.0
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AFDA89-371C-4596-B1ED-6F0E2CFFE5AA}" = TARGUS ACP45 V2.0.1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Ultimate
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9AD30CFC-FB11-446D-80B7-BCA87DD1D45B}" = SmartSound Sonicfire Pro 4
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Alarm_is1" = Alarm 2.0.4
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CDex" = CDex extraction audio
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"dMC Power Pack" = dMC Power Pack
"dMC SPA Rio 500 Driver" = dMC SPA Rio 500 Driver
"dMC Sveta Portable Audio" = dMC Sveta Portable Audio
"EPSON Scanner" = EPSON Scan
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTOO AVI to DVD Converter" = ImTOO AVI to DVD Converter
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{9AD30CFC-FB11-446D-80B7-BCA87DD1D45B}" = SmartSound Sonicfire Pro 4
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVS" = McAfee Virus and Spyware Protection Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orb" = Winamp Remote
"Pidgin" = Pidgin
"SearchAssist" = SearchAssist
"SFlyStudio" = Shutterfly Studio
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2009 5:02:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:02:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:03:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:03:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:03:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:03:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:04:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:04:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:04:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/2/2009 5:04:09 PM | Computer Name = PAULWSCHULTZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/30/2009 9:18:35 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/1/2009 12:26:26 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/1/2009 1:47:01 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/1/2009 8:29:42 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/1/2009 8:40:19 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/1/2009 10:27:17 PM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/2/2009 7:30:27 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/2/2009 7:33:22 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/2/2009 7:59:25 AM | Computer Name = PAULWSCHULTZ | Source = Service Control Manager | ID = 7000
Description = The RioPort.Com Rio500 USB Driver service failed to start due to the
following error: %%1058

Error - 5/2/2009 12:34:32 PM | Computer Name = PAULWSCHULTZ | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-03 07:57:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA05B44BA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA05B4468]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA05B447C]
Code 8A391038 ZwEnumerateKey
Code 8A3A1098 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA05B44FA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA05B4440]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA05B4454]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA05B44CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA05B44A6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA05B4492]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA05B4529]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA05B4510]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA05B44E4]
Code 8A38B826 IofCallDriver
Code 8A38B096 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A38B82B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A38B09B
.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A05B44E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A05B44BE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A05B44FE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A05B4514 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A3A109C
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A05B44D2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP A05B4444 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP A05B4458 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP A05B4496 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP A05B4480 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A05B446C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP A05B44AA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A05B452D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A39103C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070080
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F8B
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070065
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F7A
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700C2
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F4E
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700E7
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F33
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0007004A
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007009B
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007001E
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FCD
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F5F
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FB9
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050064
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050053
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050042
.text C:\WINDOWS\system32\services.exe[808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E900B0
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E9008B
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9007A
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90069
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E9003D
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E900DE
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900C1
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F7B
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E9010A
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90F6A
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E9004E
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FDB
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F96
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90022
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90011
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E900EF
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80F72
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80F83
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E80F9E
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 89]
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E8002F
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E7003F
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E7002E
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FD2
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E7000C
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E7001D
.text C:\WINDOWS\system32\lsass.exe[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FE3
.text C:\WINDOWS\system32\lsass.exe[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02570FEF
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02570045
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02570F50
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02570F61
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0257001E
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02570F97
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02570F0E
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02570F2B
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02570ED8
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02570071
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02570EC7
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02570F7C
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02570FD4
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02570056
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02570FB2
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02570FC3
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02570EF3
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02520040
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02520062
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02520025
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0252000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02520FAF
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02520FC0
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [72, 8A] {JB 0xffffffffffffff8c}
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02520051
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02510081
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 0251005C
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0251003A
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02510000
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0251004B
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0251001D
.text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02500000
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01210000
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01210065
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01210F7A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01210054
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01210FA1
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0121002F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0121009D
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01210080
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01210F3A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012100D3
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01210F1F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01210FB2
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01210FEF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01210F5F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01210FC3
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01210FD4
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012100B8
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01200051
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0120007D
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01200036
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0120001B
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0120006C
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0120000A
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01200FCA
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [40, 89]
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01200FE5
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011F0FB7
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 011F0038
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011F001D
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011F0FEF
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011F0FC8
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011F000C
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011E0000
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026D0000
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026D0F81
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026D0F92
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026D006C
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026D005B
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026D0040
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026D009B
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026D0F53
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026D0F27
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026D0F38
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026D00DB
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026D0FB9
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026D001B
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026D0F70
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026D0FD4
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026D0FE5
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026D00B6
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 026C0FCA
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 026C0062
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 026C0025
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 026C0FEF
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 026C0051
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 026C000A
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 026C0FA5
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 8A]
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 026C0036
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 026B0F90
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!system 77C293C7 5 Bytes JMP 026B0FAB
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 026B0FC6
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_open 77C2F566 5 Bytes JMP 026B0FEF
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 026B001B
.text C:\WINDOWS\System32\svchost.exe[1260] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 026B0000
.text C:\WINDOWS\System32\svchost.exe[1260] WS2_32.dll!socket 71AB4211 5 Bytes JMP 026A0FE5
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 02690FE5
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 02690000
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 0269001B
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 0269002C
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20062
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F77
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F35
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C2007D
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200AC
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F13
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C200BD
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20F52
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F24
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10062
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FA1
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00022
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FBC
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA007D
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0051
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F9E
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA008E
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F46
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F10
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00A9
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00C4
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0FAF
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F6D
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0025
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0014
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F2B
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F83
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C90F94
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes JMP C89FEDE5
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90FAF
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80058
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80047
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FD7
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C8002C
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[1460] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70000
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 06010F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 06010F4D
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 06010F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 06010F6F
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 06010F94
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 06010067
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 06010F15
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 06010ED8
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 06010EF3
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 06010082
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 06010011
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0601004C
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 06010000
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 06010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 06010F04
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05DD0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05DD0014
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05DD0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05DD0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05DD0F57
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05DD0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 05DD0F72
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FD, 8D]
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05DD0F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01049315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0111DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0111DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01124832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01081CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0123E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0123DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0123DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0123DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0123DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0123E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0123DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 05DC0F95
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!system 77C293C7 5 Bytes JMP 05DC0020
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 05DC0FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!_open 77C2F566 5 Bytes JMP 05DC0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 05DC0FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 05DC0FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0112488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 05DB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 05B5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 05B50025
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 05B50FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1772] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 05B50040
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03250FEF
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03250F97
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0325008C
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03250FA8
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03250065
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03250040
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 032500CE
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 032500A7
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03250F50
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03250F61
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03250F3F
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03250FB9
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03250000
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03250F86
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03250FD4
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0325001B
.text C:\WINDOWS\Explorer.EXE[2036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 032500DF
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03240FCA
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03240065
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03240FE5
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03240011
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0324004A
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03240000
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03240FA8
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [44, 8B]
.text C:\WINDOWS\Explorer.EXE[2036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03240FB9
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03230066
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!system 77C293C7 5 Bytes JMP 0323004B
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0323003A
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03230000
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03230FE5
.text C:\WINDOWS\Explorer.EXE[2036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0323001D
.text C:\WINDOWS\Explorer.EXE[2036] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00E40000
.text C:\WINDOWS\Explorer.EXE[2036] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\Explorer.EXE[2036] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\Explorer.EXE[2036] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00E4002F
.text C:\WINDOWS\Explorer.EXE[2036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 031E0000
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D3008E
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30073
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30F99
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30062
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D3002C
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300BA
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D300A9
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F35
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D30F46
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30F24
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30051
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D3000A
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30F88
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D3001B
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D30FD4
.text C:\WINDOWS\system32\svchost.exe[2380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D30F61
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D2001E
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D20FA8
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D20FCD
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D20FDE
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D20065
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D2004A
.text C:\WINDOWS\system32\svchost.exe[2380] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D2002F
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D1005D
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D1004C
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D1001D
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D10FD2
.text C:\WINDOWS\system32\svchost.exe[2380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D1000C
.text C:\WINDOWS\system32\svchost.exe[2380] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[2380] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00CF0FD4
.text C:\WINDOWS\system32\svchost.exe[2380] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[2380] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00CF0FAF
.text C:\WINDOWS\system32\svchost.exe[2380] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F70
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70065
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70F97
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FA8
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F31
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F4E
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70F16
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700A5
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D700CA
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70FC3
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70F5F
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\svchost.exe[3488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D7008A
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00840051
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00840076
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00840036
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00840025
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00840FB9
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00840000
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00840FCA
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A4, 88]
.text C:\WINDOWS\system32\svchost.exe[3488] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00840FE5
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00830F7F
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!system 77C293C7 5 Bytes JMP 00830F9A
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00830FC6
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00830000
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00830FB5
.text C:\WINDOWS\system32\svchost.exe[3488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00830FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 048A0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 048A0F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 048A0F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 048A0F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 048A0FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 048A0FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 048A008C
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 048A007B
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 048A0F1F
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 048A00B8
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 048A0F0E
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 048A004A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 048A0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 048A0F50
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 048A0025
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 048A0014
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 048A00A7
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0489003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0489007A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04890022
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04890011
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04890FC7
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04890000
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0489005F
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0489004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01049315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01124832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0123E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0123DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0123DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0123DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0123DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0123E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0123DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04880FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!system 77C293C7 5 Bytes JMP 04880042
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04880FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04880000
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04880027
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04880FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 046E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 03DA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 03DA0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 03DA001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 03DA0036
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06AC0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 06AC0087
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 06AC006C
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 06AC005B
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 06AC0F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 06AC0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 06AC0F3F
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 06AC0F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 06AC0F0C
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 06AC0F1D
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 06AC00CA
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 06AC0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06AC001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 06AC0F6D
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 06AC002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 06AC0FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 06AC0F2E
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 06AB002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 06AB008E
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 06AB0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 06AB001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 06AB0069
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 06AB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 06AB004E
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 06AB003D
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00FF9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 010CDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 010CDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 010D4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01031CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 011EE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 011EDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 011EDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 011EDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 011EDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 011EE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 011EDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 06AA0F92
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!system 77C293C7 5 Bytes JMP 06AA001D
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 06AA0FC8
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 06AA0000
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 06AA0FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 06AA0FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 010D488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 06A9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 06A80000
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 06A8001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 06A80036
.text C:\Program Files\Internet Explorer\iexplore.exe[3900] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 06A80051
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F8F
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260084
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260073
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260FB6
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260047
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F61
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600E9
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F50
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600FA
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260058
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026009F
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600C4
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350040
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0035002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0035006C
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0035005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01419315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 014EDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 014EDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 014F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01451CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0160E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0160DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0160DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0160DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0160DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0160E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0160DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360F95
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360020
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 014F488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00BF0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00BF0014
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00BF002F
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00BF0FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260031
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F57
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F68
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260073
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F06
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0026009F
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600B0
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F2B
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260084
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F83
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350040
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0035002F
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01419315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 014EDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 014EDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 014F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01451CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0160E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0160DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0160DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0160DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0160DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0160E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0160DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360055
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 014F488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00AB0000
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00AB0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00AB001B
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00AB0040

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00AA18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3900] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00AB18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4280] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00AA18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C018FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1772] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3780] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3900] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [4280] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [5216] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys 32256 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gxvxccounter 4 bytes
File C:\WINDOWS\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll 14336 bytes executable

---- EOF - GMER 1.0.15 ----

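The GMER log above mixes two kinds of evidence that are worth separating mechanically rather than by eye. The USER32 and ole32 hooks inside iexplore.exe are resolved by GMER to IEFRAME.dll, which it names on the line; the msvcrt, WS2_32 and WININET hooks jump to low addresses (0x0036xxxx, 0x00ABxxxx, 0x00B1xxxx to 0x00B4xxxx) that GMER attributes to no loaded module at all. Separately it reports a hidden DLL mapped at 0x10000000 in every iexplore.exe, a hidden service gxvxcserv.sys, and that service's registry values (type 1, start 1, ImagePath under system32\drivers). The Python script below is an added example written for this page; it is not a tool from the thread, from GMER or from ComboFix. It parses lines in GMER's output format, splits hooks into module-backed and unbacked, groups unbacked targets by 64 KiB region so you can see how many injected allocations the trampolines occupy, and cross-checks each hidden service against the registry record GMER printed for it. The embedded sample log is constructed from a handful of lines in the thread's format; the service Type and Start constants are the documented Windows SCM values.

```python
import re
from collections import defaultdict

# Constructed sample, not the thread's full log: lines in the exact shapes GMER 1.0.15
# prints. Hooks, the hidden DLL and the hidden service use the names the thread's log shows.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0160DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5216] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00AB0040
Library \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [5216] 0x10000000
Service C:\WINDOWS\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll
"""

# "backing" is the module GMER attributes a JMP target to; it is absent when none owns it.
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?\[(?P<pid>\d+)\]) (?P<mod>[^\s!]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<nbytes>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<backing>\S.*))?$")
LIB_RE = re.compile(
    r"^Library (?P<path>.+?)(?P<hidden> \(\*\*\* hidden \*\*\* \))? @ "
    r"(?P<proc>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$")
SVC_RE = re.compile(
    r"^Service (?P<path>.+?)(?P<hidden> \(\*\*\* hidden \*\*\* \))? "
    r"\[(?P<account>\w+)\] (?P<name>\S+)(?P<rootkit> <-- ROOTKIT !!!)?$")
REG_RE = re.compile(r"^Reg (?P<key>[^@]+?)(?:@(?P<value>\S+) (?P<data>.*))?$")

# Documented Windows SCM values for a service's Type and Start registry values.
SERVICE_TYPE = {1: "KERNEL_DRIVER", 2: "FILE_SYSTEM_DRIVER", 16: "WIN32_OWN_PROCESS", 32: "WIN32_SHARE_PROCESS"}
START_TYPE = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}

def _as_int(text):
    try:
        return int(text, 0)
    except (TypeError, ValueError):   # GMER prints registry data as text; tolerate non-numbers
        return None

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(log_text):
    """Parse GMER-format lines and return the findings worth a second look."""
    hooks, hidden_libs, hidden_services = [], [], []
    reg_services = defaultdict(dict)          # service name -> {value name: data}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            target = int(m["target"], 16)
            # x86 Windows allocates private memory in 64 KiB units: same region, same allocation.
            hooks.append({"pid": int(m["pid"]), "api": f"{m['mod']}!{m['func']}", "target": target,
                          "backing": m["backing"], "region": target & 0xFFFF0000})
            continue
        m = LIB_RE.match(line)
        if m and m["hidden"]:
            hidden_libs.append({"pid": int(m["pid"]), "path": m["path"], "base": int(m["base"], 16)})
            continue
        m = SVC_RE.match(line)
        if m and (m["hidden"] or m["rootkit"]):
            hidden_services.append({"name": m["name"], "path": m["path"], "rootkit": bool(m["rootkit"])})
            continue
        m = REG_RE.match(line)
        if m and m["value"] and "\\Services\\" in m["key"]:
            # Key by service name whatever ControlSet or subkey (e.g. \modules) the line is from.
            name = m["key"].split("\\Services\\", 1)[1].split("\\")[0]
            reg_services[name][m["value"].lower()] = m["data"]

    unbacked = [h for h in hooks if h["backing"] is None]
    regions = defaultdict(list)
    for h in unbacked:
        regions[h["region"]].append(h["api"])
    records = {name: {"type": SERVICE_TYPE.get(_as_int(v.get("type")), "UNKNOWN"),
                      "start": START_TYPE.get(_as_int(v.get("start")), "UNKNOWN"),
                      "imagepath": v.get("imagepath", "")} for name, v in reg_services.items()}
    # A hidden service is corroborated when the ImagePath GMER read from the registry
    # names the same file GMER found on disk for it.
    corroborated = [s["name"] for s in hidden_services
                    if records.get(s["name"], {}).get("imagepath")
                    and _basename(records[s["name"]]["imagepath"]) == _basename(s["path"])]
    return {"hooks": hooks, "unbacked_hooks": unbacked,
            "trampoline_regions": {hex(r): apis for r, apis in sorted(regions.items())},
            "hidden_libraries": hidden_libs, "hidden_services": hidden_services,
            "service_records": records, "corroborated_services": corroborated}

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print(f"{len(rep['unbacked_hooks'])}/{len(rep['hooks'])} hooks jump to memory no module owns:")
    for region, apis in rep["trampoline_regions"].items():
        print(f"  {region}: {', '.join(apis)}")
    for name in rep["corroborated_services"]:
        print(f"hidden service {name}: {rep['service_records'][name]}")
```

On the sample, four of the five hooks are unbacked and fall into three regions (0x360000 for the msvcrt file and process APIs, 0xab0000 for WININET, 0xb10000 for WS2_32), and gxvxcserv.sys comes back as a KERNEL_DRIVER with SYSTEM_START whose ImagePath matches the hidden file GMER found. To run it on a saved log, call triage(open(path, encoding="utf-8", errors="replace").read()). Treat the backed/unbacked split as triage input rather than a verdict: a JMP into a named module is not automatically benign, and some instrumentation and security products also allocate anonymous trampolines, so the value of the grouping is in showing which APIs share one injected allocation and in tying the hidden service to its on-disk file.
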
#5 Buckeye_Sam
Malware Expert, Members, 17,382 posts, Pickerington, Ohio

Posted 03 May 2009 - 10:56 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Mr. Paul
Topic Starter, Members, 15 posts

Posted 04 May 2009 - 02:23 AM

ComboFix 09-05-03.1 - Paul 05/04/2009 2:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2658 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Total Protection Service *On-access scanning enabled* (Updated)
FW: Total Protection Service *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-3-33-100029277-100018141-100003150-2714.com
c:\windows\system32\drivers\gxvxcpjmdcqnnfumxkawfuelwqrytsptkxkfu.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcqrbndilaupihbujhmldoumhrwgwnkkqg.dll
c:\windows\system32\kr_done1
c:\windows\system32\x64
f:\recycler\S-1-3-33-100029277-100018141-100003150-2714.com
g:\recycler\S-1-3-33-100029277-100018141-100003150-2714.com
h:\recycler\S-1-3-33-100029277-100018141-100003150-2714.com
i:\recycler\S-1-3-33-100029277-100018141-100003150-2714.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-02 16:30 . 2009-05-02 17:32 -------- d-----w c:\documents and settings\Paul\Local Settings\Application Data\MicroVision Applications
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-29 05:29 . 2009-04-29 05:29 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-26 23:57 . 2009-04-26 23:57 -------- d-----w c:\documents and settings\Paul\Application Data\ScanSpyware
2009-04-26 23:56 . 2009-04-27 00:03 -------- d-----w c:\program files\Exterminate It!
2009-04-26 17:10 . 2009-04-26 17:10 -------- d-----w c:\program files\HP Photosmart 11
2009-04-26 16:47 . 2001-08-18 03:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-26 16:47 . 2008-04-14 10:42 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-26 16:47 . 2008-04-14 05:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-26 16:47 . 2008-04-14 05:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-26 05:37 . 2009-04-26 05:37 -------- d-----w c:\program files\epson
2009-04-26 05:37 . 2003-12-15 05:00 33280 ----a-w c:\windows\system32\esccm.dll
2009-04-26 05:37 . 2003-12-15 05:00 27648 ----a-w c:\windows\system32\escimg.dll
2009-04-26 05:37 . 2003-12-15 05:00 29696 ----a-w c:\windows\system32\escwiab.dll
2009-04-26 05:37 . 2009-04-26 05:37 -------- d-----w C:\EPSON
2009-04-25 14:57 . 2009-04-25 14:57 -------- d-----w c:\documents and settings\Paul\Application Data\Publish Providers
2009-04-25 14:45 . 2009-04-27 12:44 -------- d-----w c:\program files\Sony Setup
2009-04-25 14:25 . 2003-06-25 21:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-17 22:31 . 2009-04-17 22:32 -------- d-----w C:\CFTview
2009-04-16 10:09 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 10:09 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 10:09 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 10:09 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 10:09 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 10:09 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 10:09 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 10:09 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 10:09 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 10:09 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 10:08 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 10:08 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 03:17 . 2009-04-15 03:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 16:40 . 2009-04-27 12:45 -------- d-----w c:\documents and settings\Paul\Application Data\Sony
2009-04-11 16:40 . 2009-04-27 12:45 -------- d-----w c:\documents and settings\Paul\Local Settings\Application Data\Sony
2009-04-11 16:37 . 2009-04-27 12:45 -------- d-----w c:\program files\Sony
2009-04-10 23:41 . 2009-04-10 23:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 07:15 . 2009-03-11 18:33 878 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-04 07:14 . 2008-04-25 21:32 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-24 21:28 . 2009-02-13 09:49 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-22 23:38 . 2009-01-28 18:02 -------- d-----w c:\program files\Winamp
2009-04-15 03:17 . 2009-01-22 23:50 -------- d-----w c:\program files\Java
2009-04-14 14:06 . 2009-03-29 21:54 234544 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-13 18:22 . 2009-01-28 17:33 53456 ----a-w c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 14:08 . 2009-03-28 13:45 -------- d-----w c:\program files\RiOFXP
2009-03-28 13:58 . 2009-03-28 13:57 -------- d-----w c:\program files\RIOsitude
2009-03-28 13:35 . 2009-03-28 13:35 2519 ----a-w c:\windows\system32\SpoonUninstall-dMC SPA Rio 500 Driver.dat
2009-03-28 13:35 . 2009-03-19 03:00 167424 ----a-w c:\windows\system32\SpoonUninstall.exe
2009-03-28 13:30 . 2009-03-28 13:30 8762 ----a-w c:\windows\system32\SpoonUninstall-dMC Sveta Portable Audio.dat
2009-03-28 13:29 . 2009-03-19 03:00 11367 ----a-w c:\windows\system32\SpoonUninstall-dMC Power Pack.dat
2009-03-28 13:29 . 2009-03-28 13:29 21205 ----a-w c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-03-25 13:45 . 2009-03-25 13:41 167 ----a-w c:\documents and settings\Paul\udownload.dat
2009-03-23 13:03 . 2009-03-23 13:03 -------- d-----w c:\program files\MSXML 4.0
2009-03-23 03:57 . 2009-01-22 23:53 -------- d-----w c:\program files\Roxio
2009-03-23 03:51 . 2009-03-23 03:51 -------- d-----w c:\program files\BIAS
2009-03-23 03:49 . 2009-03-22 23:39 -------- d-----w c:\program files\SmartSound Software
2009-03-22 23:44 . 2009-03-22 23:44 -------- d-----w c:\program files\InterActual
2009-03-22 23:44 . 2009-03-22 23:39 -------- d-----w c:\program files\Roxio Creator 2009 Ultimate
2009-03-22 23:43 . 2009-01-22 23:53 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-22 23:42 . 2009-01-22 23:53 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-22 23:42 . 2009-03-22 23:42 -------- d-----w c:\program files\Windows Sidebar
2009-03-22 23:39 . 2009-03-22 23:39 -------- d-----w c:\program files\MSXML 6.0
2009-03-19 03:00 . 2009-03-19 03:00 -------- d-----w c:\program files\Illustrate
2009-03-11 18:33 . 2009-01-22 23:54 -------- d-----w c:\program files\Google
2009-03-08 09:34 . 2008-04-25 16:16 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2008-04-25 16:16 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2008-04-25 16:16 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2008-04-25 16:16 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2008-04-25 16:16 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2008-04-25 16:16 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2008-04-25 16:16 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2008-04-25 16:16 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2008-04-25 16:16 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2008-04-25 16:16 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 09:09 . 2009-03-07 09:09 -------- d-----w c:\program files\Alarm
2009-03-06 14:22 . 2008-04-25 16:16 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 17:24 . 2009-01-22 23:54 55208 ----a-w c:\windows\system32\drivers\mfetdik.sys
2009-03-03 17:24 . 2009-01-22 23:54 34216 ----a-w c:\windows\system32\drivers\MfeRKDK.sys
2009-03-03 17:23 . 2009-01-22 23:54 213768 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-03 17:23 . 2009-01-22 23:54 35272 ----a-w c:\windows\system32\drivers\MfeBOPK.sys
2009-03-03 17:23 . 2009-01-22 23:54 79880 ----a-w c:\windows\system32\drivers\MfeAVFK.sys
2009-02-09 12:10 . 2008-04-25 16:16 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-25 16:16 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-25 16:16 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-25 16:16 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-04-25 16:16 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-25 16:16 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-25 16:16 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-25 16:16 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-25 16:16 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-22 23:54 . 2009-01-28 18:43 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-22 23:50 . 2009-01-22 23:50 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 137752]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-16 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-22 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-13 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-11-20 128296]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2009-04-20 84464]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-02-21 16855552]

c:\documents and settings\Paul\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate1c9a277d130b6b6;Google Update Service (gupdate1c9a277d130b6b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
R2 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\Drivers\RioUsb.sys [1999-10-27 15152]
R2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
R2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
R2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-22 30192]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-01-09 1122304]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2008-08-01 20464]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2008-08-01 15856]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2008-08-01 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-08-01 125424]
S2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-03-03 14144]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-04-13 175704]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-08-27 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-08-27 43608]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\Drivers\OEM13Afx.sys [2008-07-16 141376]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-16 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-07-16 235840]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 18:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-reupdate - c:\targus\ACP60\reupdate.exe
HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl


.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Stuff/Web%20Pages/HomePage.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\3n2gfyon.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Stuff/Web%20Pages/HomePage.html
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 02:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1768)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\drivers\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\Managed VirusScan\VScan\McShield.exe
.
**************************************************************************
.
Completion time: 2009-05-04 2:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 07:18

Pre-Run: 178,205,790,208 bytes free
Post-Run: 178,659,741,696 bytes free

305 --- E O F --- 2009-04-16 10:17

#7 Buckeye_Sam
Malware Expert, Members, 17,382 posts, Pickerington, Ohio

Posted 04 May 2009 - 09:34 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Mr. Paul (Topic Starter, Members, 15 posts)

Posted 04 May 2009 - 11:08 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 3

5/4/2009 11:00:20 PM
mbam-log-2009-05-04 (23-00-20).txt

Scan type: Quick Scan
Objects scanned: 89906
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (file:///C:/Stuff/Web%20Pages/HomePage.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.159,85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2efc4cf0-6739-42c1-8f05-da85081767b9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.159,85.255.112.16 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

My computer performance has improved markedly. My browsers no longer seem to be hijacked and opening a link from within Microsoft Outlook doesn't seem to lock up the machine anymore. It seems closer to 'back to normal' with just a few rogue pop-up windows that aren't being intercepted by McAfee Total Protection.
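The two Trojan.DNSChanger entries in the log above are the important finding: the Tcpip NameServer values had been pointed at 85.255.112.159 and 85.255.112.16, so every name lookup on the machine went through attacker-controlled resolvers, which explains the redirected links and the half-loaded Google logo. The following is an added example, not code from this thread or from Malwarebytes, that parses MBAM "Registry Data Items Infected" lines of that shape and classifies each resolver; the expected-resolver set is an assumption chosen for illustration, and 85.255.112.0/20 is the block the DNSChanger family used for its rogue servers.

```python
"""Classify the DNS resolvers recorded in a Windows NameServer registry value.

Parses MBAM "Registry Data Items Infected" lines of the shape seen in the log
above and flags resolvers that fall in the 85.255.112.0/20 block used by the
DNSChanger rogue servers, or that are simply not the resolvers this machine
is supposed to use.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Assumption for this example: the resolvers the machine is expected to use
# (the two OpenDNS addresses). Replace with the ISP's or router's addresses
# when running this against a real host.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Address block historically used by the DNSChanger rogue resolvers; both
# addresses in the MBAM log above (85.255.112.159, 85.255.112.16) fall in it.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Matches the registry key, detection name and Data: field of an MBAM line
# such as "HKEY_LOCAL_MACHINE\...\Tcpip\Parameters\NameServer (Trojan.DNSChanger)
# -> Data: 85.255.112.159,85.255.112.16 -> Quarantined and deleted successfully."
MBAM_NAMESERVER_RE = re.compile(
    r"^(?P<key>HKEY_\S+)\\NameServer\s+\((?P<detection>[^)]+)\)"
    r"\s+->\s+Data:\s+(?P<data>\S+)"
)


@dataclass
class ResolverVerdict:
    address: str
    verdict: str  # "expected", "known-rogue", "unexpected" or "invalid"


def classify_resolver(address: str) -> ResolverVerdict:
    """Decide whether one resolver address is acceptable."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return ResolverVerdict(address, "invalid")
    if address in EXPECTED_RESOLVERS:
        return ResolverVerdict(address, "expected")
    if any(ip in net for net in KNOWN_ROGUE_RANGES):
        return ResolverVerdict(address, "known-rogue")
    return ResolverVerdict(address, "unexpected")


def split_nameserver_data(data: str) -> list[str]:
    """Split a NameServer value; Windows accepts comma- or space-separated lists.

    An empty value means "use the DHCP-assigned servers" and yields no entries.
    """
    return [s for s in re.split(r"[,\s]+", data.strip()) if s]


def audit_nameserver(data: str) -> list[ResolverVerdict]:
    """Classify every address in a NameServer value."""
    return [classify_resolver(s) for s in split_nameserver_data(data)]


def is_hijacked(verdicts: list[ResolverVerdict]) -> bool:
    """True when any resolver is rogue or not on the expected list."""
    return any(v.verdict in ("known-rogue", "unexpected") for v in verdicts)


def parse_mbam_nameserver_lines(lines):
    """Return (registry_key, detection, verdicts) for each NameServer line.

    Lines for other registry values (the Hijack.Homepage entry, for instance)
    are ignored.
    """
    findings = []
    for line in lines:
        m = MBAM_NAMESERVER_RE.match(line.strip())
        if m:
            findings.append((m["key"], m["detection"], audit_nameserver(m["data"])))
    return findings


# Constructed sample: the three "Registry Data Items Infected" lines from the
# MBAM log above, quoted verbatim.
SAMPLE_MBAM_LINES = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (file:///C:/Stuff/Web%20Pages/HomePage.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.159,85.255.112.16 -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2efc4cf0-6739-42c1-8f05-da85081767b9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.159,85.255.112.16 -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for key, detection, verdicts in parse_mbam_nameserver_lines(SAMPLE_MBAM_LINES):
        status = "HIJACKED" if is_hijacked(verdicts) else "ok"
        print(f"{status}: {key} ({detection})")
        for v in verdicts:
            print(f"    {v.address:<16} {v.verdict}")
```

A live check on the host should read the same NameServer values under CurrentControlSet and under every Interfaces subkey, since the per-interface value is what the resolver actually uses and an empty value simply means DHCP-assigned servers.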

#9 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 05 May 2009 - 09:56 AM

It is looking much better, although even a few popups are troubling. It may mean that we're not completely clean yet.

Are you using a router with this computer?
If so, are there other computers that also go through this router?


Please post a new log from DDS.

#10 Mr. Paul (Topic Starter, Members, 15 posts)

Posted 05 May 2009 - 10:08 PM

DDS...??

#11 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 06 May 2009 - 09:03 AM

That's the initial log that you posted. It should be here:

C:\Documents and Settings\Paul\Desktop\dds.scr

#12 Mr. Paul (Topic Starter, Members, 15 posts)

Posted 07 May 2009 - 03:47 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Paul at 15:45:46.82 on Thu 05/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2232 [GMT -5:00]

AV: Total Protection Service *On-access scanning enabled* (Updated)
FW: Total Protection Service *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = file:///C:/Stuff/Web%20Pages/HomePage.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 ultimate\5.0\CPMonitor.exe"
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
StartupFolder: c:\docume~1\paul\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233170336703
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.752.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paul\applic~1\mozilla\firefox\profiles\3n2gfyon.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Stuff/Web%20Pages/HomePage.html
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-3-22 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-3-22 15856]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-22 213768]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-3-22 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-8-1 125424]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2009-1-22 14144]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-1-22 540776]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2009-1-22 175704]
R3 McShield;McShield;c:\program files\mcafee\managed virusscan\vscan\McShield.exe [2009-1-22 144704]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2009-1-22 79880]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2009-1-22 35272]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-1-22 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-1-22 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-1-22 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-1-22 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-1-22 235840]
S2 gupdate1c9a277d130b6b6;Google Update Service (gupdate1c9a277d130b6b6);c:\program files\google\update\GoogleUpdate.exe [2009-3-11 133104]
S2 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\drivers\RioUsb.sys [2009-3-28 15152]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-22 30192]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2009-1-22 34216]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-8 1122304]

=============== Created Last 30 ================

2009-05-06 08:24 <DIR> --d----- c:\program files\Audacity
2009-05-04 22:53 <DIR> --d----- c:\docume~1\paul\applic~1\Malwarebytes
2009-05-04 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-04 02:01 161,792 a------- c:\windows\SWREG.exe
2009-05-04 02:01 98,816 a------- c:\windows\sed.exe
2009-04-28 08:18 13,030 a------- C:\PDOXUSRS.NET
2009-04-26 18:57 <DIR> --d----- c:\docume~1\paul\applic~1\ScanSpyware
2009-04-26 18:56 <DIR> --d----- c:\program files\Exterminate It!
2009-04-26 12:12 34 a------- c:\windows\hpfsched.ini
2009-04-26 12:10 <DIR> --d----- c:\program files\HP Photosmart 11
2009-04-26 11:47 159,232 a------- c:\windows\system32\ptpusd.dll
2009-04-26 11:47 5,632 a------- c:\windows\system32\ptpusb.dll
2009-04-26 11:47 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-26 11:47 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-26 00:37 <DIR> --d----- c:\program files\epson
2009-04-26 00:37 33,280 a------- c:\windows\system32\esccm.dll
2009-04-26 00:37 29,696 a------- c:\windows\system32\escwiab.dll
2009-04-26 00:37 27,648 a------- c:\windows\system32\escimg.dll
2009-04-26 00:37 <DIR> --d----- C:\EPSON
2009-04-25 09:51 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-25 09:45 <DIR> --d----- c:\program files\Sony Setup
2009-04-25 09:25 266,360 a------- c:\windows\system32\TweakUI.exe
2009-04-25 09:25 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-04-17 17:31 <DIR> --d----- C:\CFTview
2009-04-16 05:08 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 05:08 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-14 22:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 11:37 <DIR> --d----- c:\program files\Sony

==================== Find3M ====================

2009-03-28 08:35 167,424 a------- c:\windows\system32\SpoonUninstall.exe
2009-03-28 08:35 2,519 a------- c:\windows\system32\SpoonUninstall-dMC SPA Rio 500 Driver.dat
2009-03-28 08:30 8,762 a------- c:\windows\system32\SpoonUninstall-dMC Sveta Portable Audio.dat
2009-03-28 08:29 11,367 a------- c:\windows\system32\SpoonUninstall-dMC Power Pack.dat
2009-03-28 08:29 21,205 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-03-25 08:45 167 a------- c:\documents and settings\paul\udownload.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-22 18:50 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 15:46:35.87 ===============

#13 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 07 May 2009 - 04:44 PM

Looks pretty good.

Are you using a router with this computer?
If so, are there other computers that also go through this router?

Are you getting popups still?

#14 Mr. Paul (Topic Starter, Members, 15 posts)

Posted 09 May 2009 - 11:15 PM

No router. Just a stray popup a couple of times a day. It's running much better! Thank you very much for your assistance. :thumbup2:

#15 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 10 May 2009 - 11:22 AM

A few popups now and then when you're surfing the internet does not always indicate a problem. But keep an eye on it and if they become excessive you may want to come back so we can take another look.


Run OTListIt and click on the CleanUp button.
Reboot your computer when it asks you to.


===============



Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:thumbup2: :)