
Google Redirects


This topic is locked
8 replies to this topic

#1 tameanaka
  • Members
  • 4 posts

Posted 11 May 2009 - 08:10 PM

Please help!! As the topic states, all Google links get redirected through some dumb search and never go where I want. Here's my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:51 PM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\Speed Disk\nopdb.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\Program Files\RealVNC\VNC4\WinVNC4.exe
F:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
F:\WINDOWS\system32\Pen_Tablet.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [mcagent_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] F:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MediaPortal] F:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "F:\Documents and Settings\All Users\proto.dll" run
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219880807281
O17 - HKLM\System\CCS\Services\Tcpip\..\{950188C6-89BF-467A-A60A-DB1CA3509139}: NameServer = 68.87.72.130,68.87.75.194
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Program Files\Speed Disk\nopdb.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - F:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9989 bytes

Edited by tameanaka, 11 May 2009 - 08:28 PM.
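A small triage script for HijackThis-style O4 (autostart) and O17 (DNS resolver) lines, added here as an example; it is not part of the original post, of HijackThis, or of any BleepingComputer tool. The sample lines are constructed from entries in the log above, and the "system", "profile" and "unqualified" location classes are this example's own review heuristic, not a verdict on any entry.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis tool)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: six lines modelled on the O4/O17/O23 entries in the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "F:\Documents and Settings\All Users\proto.dll" run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{950188C6-89BF-467A-A60A-DB1CA3509139}: NameServer = 68.87.72.130,68.87.75.194
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
MODULE_RE = re.compile(r"\.(exe|dll|scr|cpl)$", re.I)
# Heuristic location classes (this example's own idea, not a HijackThis concept).
# The drive letter is not assumed to be C: because the log above uses F: as %SystemDrive%.
SYSTEM_DIRS = re.compile(r"^[A-Za-z]:\\(WINDOWS|PROGRA~1|Program Files)\\", re.I)
PROFILE_DIRS = re.compile(r"^[A-Za-z]:\\Documents and Settings\\", re.I)
HOSTS = {"rundll32.exe", "regsvr32.exe"}  # OS binaries that merely host a DLL


@dataclass
class Finding:
    kind: str    # "run" (autostart entry) or "dns" (O17 resolver entry)
    name: str    # Run value name, or the O17 line up to its first colon
    detail: str  # module path or resolver list
    reason: str  # why a human should look at it


def classify_path(path: str) -> str:
    """Bucket a path by where it lives."""
    if not re.match(r"^[A-Za-z]:\\", path):
        return "unqualified"  # bare name, resolved through the EXE/DLL search order
    if PROFILE_DIRS.match(path):
        return "profile"      # user-writable profile directory
    if SYSTEM_DIRS.match(path):
        return "system"
    return "other"


def loaded_modules(cmd: str) -> List[str]:
    """Return the path-like tokens (quoted or bare) of a Run command line."""
    tokens = [q or b for q, b in re.findall(r'"([^"]+)"|(\S+)', cmd)]
    return [t for t in tokens if MODULE_RE.search(t)]


REASONS = {
    "profile": "autostart module lives in a user-writable profile directory",
    "unqualified": "bare file name; locate the real file via the search order and verify it",
    "other": "autostart module outside the Windows and Program Files trees",
}


def triage(log_text: str) -> List[Finding]:
    """Scan O4 and O17 lines and return the entries worth a human review."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            modules = loaded_modules(m["cmd"])
            host = None
            if modules and modules[0].rsplit("\\", 1)[-1].lower() in HOSTS:
                host = modules.pop(0)  # judge the hosted DLL, not rundll32 itself
            for mod in modules:
                cls = classify_path(mod)
                if cls == "system":
                    continue
                reason = REASONS[cls] + (f" (hosted by {host})" if host else "")
                findings.append(Finding("run", m["name"], mod, reason))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(Finding("dns", line.split(":")[0], m["servers"],
                                    "confirm these resolvers are the ISP's or your own; "
                                    "a foreign resolver can redirect search traffic"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail} -- {f.reason}")
```

Entries in the "system" class are skipped only by location; a file under Program Files still deserves a signature or hash check before it is trusted.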



#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 May 2009 - 05:47 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 tameanaka
  • Topic Starter
  • Members
  • 4 posts

Posted 12 May 2009 - 08:13 PM

OTListIt logfile created on: 5/12/2009 6:20:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = F:\Documents and Settings\Bunny\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.78% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 465.76 Gb Total Space | 160.46 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.04 Gb Total Space | 110.52 Gb Free Space | 74.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JB
Current User Name: Bunny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/07/31 23:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/07/31 23:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- F:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- f:\program files\common files\mcafee\mna\mcnasvc.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- f:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- F:\Program Files\Speed Disk\nopdb.exe
PRC - [2005/04/01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- F:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/06/12 11:48:16 | 02,159,992 | ---- | M] (RealVNC Ltd.) -- F:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- F:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Explorer.EXE
PRC - [2008/06/27 17:24:58 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\CTHELPER.EXE
PRC - [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.) -- F:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/09/20 15:35:10 | 00,202,024 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- F:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/09/20 15:35:40 | 01,410,344 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/05/02 20:17:16 | 00,307,704 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/12 18:20:15 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bunny\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/08/15 06:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/31 23:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/31 21:05:00 | 00,593,920 | ---- | M] () -- F:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- F:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/12/06 18:19:21 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- f:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- F:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2001/08/09 06:00:00 | 00,176,161 | ---- | M] (Symantec Corporation) -- F:\Program Files\Speed Disk\nopdb.exe -- (Speed Disk service [Auto | Running])
SRV - [2005/04/01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
SRV - [2008/05/01 15:40:44 | 03,032,360 | ---- | M] (Wacom Technology, Corp.) -- F:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
SRV - [2008/06/12 11:48:16 | 02,159,992 | ---- | M] (RealVNC Ltd.) -- F:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4 [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- F:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2008/08/01 01:38:20 | 03,266,560 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/05/14 20:24:32 | 00,171,520 | ---- | M] (ATI Technologies Inc.) -- F:\WINDOWS\system32\DRIVERS\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
DRV - [2008/06/27 19:21:18 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2008/06/27 19:21:18 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2008/07/07 10:29:58 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2008/07/07 10:31:10 | 00,532,376 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2008/06/27 19:21:26 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2008/06/27 19:21:26 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])
DRV - [2008/07/07 10:31:44 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2008/06/27 19:21:44 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2008/06/27 19:21:44 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2008/07/07 10:33:40 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2008/06/27 19:21:38 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2008/06/27 19:21:38 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])
DRV - [2008/07/07 10:34:08 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2008/07/07 10:35:46 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/07/07 10:36:10 | 00,797,720 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2008/07/07 10:36:36 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2008/07/07 10:37:04 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- F:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2001/08/17 08:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 03:12:56 | 00,063,120 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:36 | 00,079,120 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/04/13 13:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2008/10/23 13:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- F:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2006/04/24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/04/14 20:09:04 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/04/14 20:09:06 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/07/07 10:33:16 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- F:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2008/08/27 21:30:25 | 00,047,360 | ---- | M] (VSO Software) -- F:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/07/14 10:51:24 | 00,002,048 | ---- | M] () -- F:\WINDOWS\system32\drivers\portio32.sys -- (portio32 [On_Demand | Running])
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/06 11:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/08/27 20:46:54 | 00,639,224 | ---- | M] () -- F:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/27 23:08:30 | 00,057,664 | ---- | M] (Symantec Corporation) -- F:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- F:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/06/12 09:46:40 | 00,004,608 | ---- | M] (RealVNC Ltd.) -- F:\WINDOWS\system32\DRIVERS\vncmirror.sys -- (vncmirror [On_Demand | Running])
DRV - [2008/03/17 13:14:52 | 00,015,144 | ---- | M] (Wacom Technology) -- F:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Stopped])
DRV - [2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- F:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2008/01/15 12:11:46 | 00,013,480 | ---- | M] (Wacom Technology) -- F:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- F:\WINDOWS\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV - [2008/05/20 03:01:00 | 00,288,896 | ---- | M] (Marvell) -- F:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-725345543-484061587-2147145749-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-725345543-484061587-2147145749-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-725345543-484061587-2147145749-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-725345543-484061587-2147145749-1003\S-1-5-21-725345543-484061587-2147145749-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-484061587-2147145749-1003\S-1-5-21-725345543-484061587-2147145749-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: F:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 16:56:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: F:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/04 10:15:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: F:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/02 20:17:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: F:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/02 20:17:22 | 00,000,000 | ---D | M]

[2008/08/27 18:59:05 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Bunny\Application Data\mozilla\Extensions
[2008/08/27 18:59:05 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Bunny\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/10 16:54:42 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Bunny\Application Data\mozilla\Firefox\Profiles\6klcctmu.default\extensions
[2009/02/20 17:14:15 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Bunny\Application Data\mozilla\Firefox\Profiles\6klcctmu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/11 19:10:07 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions
[2009/04/26 08:17:57 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/27 22:12:05 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/10 16:56:50 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/04 10:01:23 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/02 20:17:16 | 00,023,032 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 20:17:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/30 09:02:38 | 00,001,394 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/30 09:02:38 | 00,002,193 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/30 09:02:38 | 00,001,534 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 22:23:51 | 00,002,343 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/30 09:02:38 | 00,001,706 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/30 09:02:38 | 00,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/30 09:02:38 | 00,000,792 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - F:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-725345543-484061587-2147145749-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] F:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] "F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] F:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-725345543-484061587-2147145749-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-725345543-484061587-2147145749-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKU\S-1-5-21-725345543-484061587-2147145749-1003..\Run: [DiskChk help] rundll32.exe "F:\Documents and Settings\All Users\proto.dll" run File not found
O4 - HKU\S-1-5-21-725345543-484061587-2147145749-1003..\Run: [MediaPortal] F:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe File not found
O4 - HKU\S-1-5-21-725345543-484061587-2147145749-1003..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-725345543-484061587-2147145749-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-725345543-484061587-2147145749-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-484061587-2147145749-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1219880807281 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{950188C6-89BF-467A-A60A-DB1CA3509139}\\NameServer = 68.87.72.130,68.87.75.194
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - F:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 F:\WINDOWS\System32\*.tmp files]
[4 F:\WINDOWS\*.tmp files]
[2009/05/12 18:21:24 | 00,286,208 | ---- | C] () -- F:\Documents and Settings\Bunny\Desktop\96sgrqnk.exe
[2009/05/12 18:20:15 | 00,501,248 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Bunny\Desktop\OTListIt2.exe
[2009/05/11 19:50:58 | 00,578,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 19:49:42 | 00,000,000 | ---D | C] -- F:\WINDOWS\ERUNT
[2009/05/11 19:37:38 | 00,001,741 | ---- | C] () -- F:\Documents and Settings\Bunny\Desktop\HijackThis.lnk
[2009/05/11 19:37:38 | 00,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2009/05/11 19:22:05 | 00,000,000 | ---D | C] -- F:\WINDOWS\System32\appmgmt
[2009/05/10 17:01:37 | 00,000,000 | ---D | C] -- F:\Program Files\Lavasoft
[2009/05/10 17:01:36 | 00,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/09 18:04:49 | 00,096,374 | ---- | C] () -- F:\Documents and Settings\Bunny\Desktop\Corsair6MIRSMay1May1809USSL75.pdf
[2009/04/15 20:17:10 | 00,284,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 20:17:09 | 00,401,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 20:17:08 | 00,473,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 20:17:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 20:17:07 | 00,453,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 20:17:07 | 00,227,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 20:17:06 | 00,729,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 20:17:05 | 00,714,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 20:17:05 | 00,617,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 20:16:25 | 00,002,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 20:16:24 | 01,203,922 | ---- | C] () -- F:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 20:16:23 | 00,215,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/26 18:21:17 | 00,002,048 | ---- | C] () -- F:\WINDOWS\System32\drivers\portio32.sys
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- F:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- F:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 11:33:02 | 00,012,288 | ---- | C] () -- F:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/15 14:44:53 | 00,000,290 | ---- | C] () -- F:\WINDOWS\_delis43.ini
[2008/09/10 17:31:09 | 00,010,752 | ---- | C] () -- F:\WINDOWS\System32\BASSMOD.dll
[2008/08/30 11:45:02 | 00,000,069 | ---- | C] () -- F:\WINDOWS\NeroDigital.ini
[2008/08/27 21:18:18 | 02,463,976 | ---- | C] () -- F:\WINDOWS\System32\NPSWF32.dll
[2008/08/27 20:55:30 | 00,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2008/08/27 20:46:54 | 00,639,224 | ---- | C] () -- F:\WINDOWS\System32\drivers\sptd.sys
[2008/08/27 19:15:30 | 00,363,520 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2008/06/27 18:05:08 | 00,049,565 | ---- | C] () -- F:\WINDOWS\System32\instwdm.ini
[2008/06/27 18:05:06 | 00,000,054 | ---- | C] () -- F:\WINDOWS\System32\ctzapxx.ini
[2008/06/27 17:27:54 | 00,043,520 | ---- | C] () -- F:\WINDOWS\System32\CTBurst.dll
[2008/06/27 17:26:00 | 00,010,752 | ---- | C] ( ) -- F:\WINDOWS\System32\a3d.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- F:\WINDOWS\System32\OGACheckControl.DLL
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- F:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- F:\WINDOWS\System32\kill.ini
[2003/09/16 10:52:28 | 00,147,456 | ---- | C] () -- F:\WINDOWS\System32\vorbis.dll
[2003/09/16 10:43:31 | 00,884,736 | ---- | C] () -- F:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 10:41:43 | 00,045,056 | ---- | C] () -- F:\WINDOWS\System32\ogg.dll
[2001/08/23 07:00:00 | 00,000,510 | ---- | C] () -- F:\WINDOWS\win.ini
[2001/08/23 07:00:00 | 00,000,231 | ---- | C] () -- F:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[3 F:\WINDOWS\System32\*.tmp files]
[4 F:\WINDOWS\*.tmp files]
[2009/05/12 18:21:27 | 00,286,208 | ---- | M] () -- F:\Documents and Settings\Bunny\Desktop\96sgrqnk.exe
[2009/05/12 18:20:15 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bunny\Desktop\OTListIt2.exe
[2009/05/12 18:17:03 | 00,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/05/12 18:16:48 | 00,016,945 | ---- | M] () -- F:\WINDOWS\System32\Config.MPF
[2009/05/12 18:16:07 | 00,000,062 | -HS- | M] () -- F:\Documents and Settings\Bunny\Local Settings\desktop.ini
[2009/05/12 18:16:07 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/05/12 18:16:05 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/05/12 18:16:04 | 00,003,568 | ---- | M] () -- F:\WINDOWS\System32\ativvaxx.cap
[2009/05/11 21:33:22 | 00,031,812 | ---- | M] () -- F:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2009/05/11 21:33:22 | 00,031,812 | ---- | M] () -- F:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2009/05/11 21:33:22 | 00,031,272 | ---- | M] () -- F:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2009/05/11 21:33:22 | 00,031,272 | ---- | M] () -- F:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2009/05/11 21:33:22 | 00,011,564 | ---- | M] () -- F:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2009/05/11 21:32:58 | 04,958,588 | ---- | M] () -- F:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF
[2009/05/11 21:32:58 | 04,958,588 | ---- | M] () -- F:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2009/05/11 19:51:31 | 00,000,686 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/11 19:50:58 | 00,578,560 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\user32.dll
[2009/05/11 19:37:38 | 00,001,741 | ---- | M] () -- F:\Documents and Settings\Bunny\Desktop\HijackThis.lnk
[2009/05/09 18:04:49 | 00,096,374 | ---- | M] () -- F:\Documents and Settings\Bunny\Desktop\Corsair6MIRSMay1May1809USSL75.pdf
[2009/04/26 09:38:11 | 00,000,625 | ---- | M] () -- F:\Documents and Settings\Bunny\Desktop\DVDFab 5.lnk
[2009/04/26 09:33:07 | 00,001,535 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/04/15 20:26:00 | 00,508,956 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 20:26:00 | 00,432,356 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/04/15 20:26:00 | 00,067,312 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/04/15 20:20:07 | 00,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
< End of report >
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-12 20:13:08
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9ED10B0]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT sptd.sys ZwSetValueKey [0xB9ED6D56]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9DF3F4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9DF3F498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9DF3F4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0x9DF3F59B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0x9DF3F5C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9DF3F52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9DF3F661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x9DF3F470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x9DF3F484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9DF3F4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0x9DF3F609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0x9DF3F5B1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x9DF3F689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x9DF3F675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9DF3F4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x9DF3F4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9DF3F559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0x9DF3F64B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9DF3F540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9DF3F514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP 9DF3F518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP 9DF3F4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP 9DF3F52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP 9DF3F544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP 9DF3F502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP 9DF3F474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP 9DF3F488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP 9DF3F4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP 9DF3F4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP 9DF3F49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP 9DF3F4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP 9DF3F55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP 9DF3F64F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP 9DF3F60D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP 9DF3F5B5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP 9DF3F59F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP 9DF3F5CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP 9DF3F679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP 9DF3F68D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP 9DF3F665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? F:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B9C508AC 5 Bytes JMP 8A3CD1B8
? System32\Drivers\agnkej8y.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070067
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F72
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F83
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F94
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070040
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0007009F
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070082
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F24
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F35
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F09
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FB9
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F57
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070FD4
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FE5
.text F:\WINDOWS\system32\services.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F46
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FCA
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060051
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FE5
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F94
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00060036
.text F:\WINDOWS\system32\services.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FB9
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA8
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050033
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FDE
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FCD
.text F:\WINDOWS\system32\services.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050018
.text F:\WINDOWS\system32\services.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60000
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60090
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F9B
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60069
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60FB6
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60058
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C600CB
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F79
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C600E6
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60F4D
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60101
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60FC7
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60011
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F8A
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C60047
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C6002C
.text F:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F5E
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50014
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50F94
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FC3
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FD4
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C5005B
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50FEF
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C50040
.text F:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50025
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40FA8
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40033
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C40011
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40000
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40022
.text F:\WINDOWS\system32\lsass.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C40FD7
.text F:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FE5
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60FEF
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60065
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60F7A
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60F97
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60054
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60039
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F6009D
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60080
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600DD
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F3A
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F600EE
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60FB2
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F60000
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60F55
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60FC3
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60FD4
.text F:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F600AE
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F50FCA
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50F83
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FE5
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F5001B
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F9E
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50000
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F50FAF
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [15, 89]
.text F:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50036
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F40FDE
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F4005F
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F40FEF
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F40000
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F4004E
.text F:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F40029
.text F:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E90FEF
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006B0FEF
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006B0F66
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006B0F81
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006B005B
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006B004A
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006B0FA8
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006B00A2
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006B0091
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B0F09
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B0F1A
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006B00B3
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006B002F
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006B000A
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006B0080
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006B0FB9
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006B0FCA
.text F:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006B0F35
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FCA
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0066005B
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FDB
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660011
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660F9E
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660040
.text F:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FB9
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FB4
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 0065003F
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0065001D
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0065002E
.text F:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FE3
.text F:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 0064000A
.text F:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00640FEF
.text F:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 0064001B
.text F:\WINDOWS\system32\svchost.exe[1308] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00640036
.text F:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FEF
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FEF
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60036
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F41
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60F52
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60F6F
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60F94
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F26
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60062
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C600AE
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60F15
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C600C9
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C6001B
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FD4
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60047
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6000A
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FB9
.text F:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60093
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C50FB2
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C50F61
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C50FC3
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C50FDE
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C50F7C
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C50FEF
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C5001E
.text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C50F97
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40064
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C40FD9
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C4002E
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C40000
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40049
.text F:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C4001D
.text F:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 056E0FE5
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 056E00A1
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 056E0090
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 056E0075
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 056E0058
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 056E002C
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 056E0F8A
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 056E00D2
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 056E0F5E
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 056E00F7
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 056E0F4D
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 056E0047
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 056E0FD4
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 056E0F9B
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 056E0011
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 056E0000
.text F:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 056E0F6F
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 056D0FAF
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 056D0F83
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 056D0000
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 056D0FCA
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 056D0040
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 056D0FEF
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 056D0F9E
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8D, 8D]
.text F:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 056D0025
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 056C0F86
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!system 77C293C7 5 Bytes JMP 056C0FA1
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 056C0000
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 056C0FE3
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 056C0011
.text F:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 056C0FD2
.text F:\WINDOWS\System32\svchost.exe[1444] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02AC0FEF
.text F:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 02AF001B
.text F:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 02AF000A
.text F:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 02AF002C
.text F:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02AF0047
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007D0000
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007D0098
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007D007D
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007D0062
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007D0FAF
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007D0036
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007D00C4
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007D00B3
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D0F4D
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D00E6
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007D0F32
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007D0051
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007D0011
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007D0F88
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007D0FCA
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007D0FDB
.text F:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007D00D5
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0FD4
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C0073
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C0025
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C0FEF
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007C0058
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007C000A
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 007C0047
.text F:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007C0036
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0F78
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B0F89
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0FAB
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FEF
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0F9A
.text F:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0FC6
.text F:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007A0000
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EE0000
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EE0F8F
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EE0084
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EE0069
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EE0058
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EE002C
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EE0F6D
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EE0F7E
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EE0F41
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EE00DA
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EE0F30
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EE0047
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EE0FDB
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EE00A9
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EE0FCA
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EE0011
.text F:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EE0F5C
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00ED0FCA
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00ED0F9B
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00ED0FE5
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00ED0011
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00ED0062
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00ED0000
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00ED0051
.text F:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00ED0036
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EC0FD2
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EC0053
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EC001D
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EC0FEF
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EC0042
.text F:\WINDOWS\system32\svchost.exe[1536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EC000C
.text F:\WINDOWS\system32\svchost.exe[1536] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EB0000
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F72
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F4005D
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F4004C
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F4002F
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40F9E
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F400A9
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F57
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F2B
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F3C
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40F06
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40F8D
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FDE
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40082
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F4000A
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FB9
.text F:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F400BA
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FC3
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30F8A
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30FD4
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30FEF
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30051
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F3000A
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F30036
.text F:\WINDOWS\System32\svchost.exe[1824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30025
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C004C
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FC1
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C001D
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0000
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0FD2
.text F:\WINDOWS\System32\svchost.exe[1824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FE3
.text F:\WINDOWS\System32\svchost.exe[1824] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006B0FEF
.text f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90051
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F5C
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F6D
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90036
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B9001B
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F1D
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F3A
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90EE0
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90EFB
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B9008A
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90F94
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FEF
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F4B
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FB9
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FCA
.text F:\WINDOWS\system32\svchost.exe[2080] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90F0C
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FCA
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B8007D
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B8001B
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B80000
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80062
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B80FE5
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B80047
.text F:\WINDOWS\system32\svchost.exe[2080] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B80036
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70FB7
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70038
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70FD2
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70000
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70027
.text F:\WINDOWS\system32\svchost.exe[2080] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FEF
.text F:\Program Files\Mozilla Firefox\firefox.exe[2372] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00FE737C F:\Documents and Settings\All Users\proto.dll
.text F:\Program Files\Mozilla Firefox\firefox.exe[2372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FE6064 F:\Documents and Settings\All Users\proto.dll
.text F:\Program Files\Mozilla Firefox\firefox.exe[2372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FE6620 F:\Documents and Settings\All Users\proto.dll
.text F:\Program Files\Mozilla Firefox\firefox.exe[2372] WS2_32.dll!WSAAsyncSelect 71AC0991 5 Bytes JMP 00FE7218 F:\Documents and Settings\All Users\proto.dll
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01870FEF
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01870067
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01870F68
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01870F83
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01870040
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0187002F
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01870F46
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01870F57
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018700CE
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 018700BD
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 018700DF
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01870F9E
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01870000
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01870078
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01870FB9
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01870FCA
.text F:\WINDOWS\Explorer.EXE[2876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01870F35
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0186002C
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01860F9B
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01860FDB
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01860011
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01860058
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01860000
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01860FB6
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A6, 89]
.text F:\WINDOWS\Explorer.EXE[2876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01860047
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0165004C
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!system 77C293C7 5 Bytes JMP 01650FC1
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0165000C
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01650FEF
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01650031
.text F:\WINDOWS\Explorer.EXE[2876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01650FD2
.text F:\WINDOWS\Explorer.EXE[2876] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01640FEF
.text F:\WINDOWS\Explorer.EXE[2876] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01640000
.text F:\WINDOWS\Explorer.EXE[2876] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01640025
.text F:\WINDOWS\Explorer.EXE[2876] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01640036
.text F:\WINDOWS\Explorer.EXE[2876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018D0000

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EE4B9A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5C51D8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 8A3CC1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5C71D8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5C71D8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5C71D8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5C71D8
Device \Driver\usbehci \Device\USBPDO-1 8A3C01D8

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A55A1D8
Device \Driver\Cdrom \Device\CdRom0 8A3AE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A55A1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{48F6B4B8-DDDA-45F3-95FD-DF58CDC6C259} 8920A1D8
Device \Driver\Cdrom \Device\CdRom1 8A3AE1D8
Device \Driver\Cdrom \Device\CdRom2 8A3AE1D8
Device \Driver\nvata \Device\00000082 8A5C61D8
Device \Driver\nvata \Device\00000083 8A5C61D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8920A1D8
Device \Driver\NetBT \Device\NetbiosSmb 8920A1D8
Device \Driver\00000030 \Device\0000005b sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbohci \Device\USBFDO-0 8A3CC1D8
Device \Driver\usbehci \Device\USBFDO-1 8A3C01D8
Device \Driver\nvata \Device\NvAta0 8A5C61D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892081D8
Device \Driver\nvata \Device\NvAta1 8A5C61D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{950188C6-89BF-467A-A60A-DB1CA3509139} 8920A1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 892081D8
Device \Driver\Ftdisk \Device\FtControl 8A55A1D8
Device \Driver\agnkej8y \Device\Scsi\agnkej8y1 8A3661D8
Device \Driver\agnkej8y \Device\Scsi\agnkej8y1Port4Path0Target0Lun0 8A3661D8
Device \FileSystem\Cdfs \Cdfs 891E7980

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1548688152
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1130124965
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 F:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0x32 0xAC 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xF5 0x77 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x48 0x5E 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 F:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0x32 0xAC 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6B 0xF5 0x77 0xF4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCB 0x48 0x5E 0x56 ...

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 May 2009 - 03:10 PM

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 tameanaka

tameanaka
  • Topic Starter

  • Members
  • 4 posts

Posted 13 May 2009 - 07:10 PM

GooredFix v1.92 by jpshortstuff
Log created at 19:09 on 13/05/2009 running Option #1 (Bunny)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="F:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="F:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="F:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 14 May 2009 - 10:17 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


========================================================

#7 tameanaka

tameanaka
  • Topic Starter

  • Members
  • 4 posts

Posted 14 May 2009 - 09:54 PM

ComboFix 09-05-14.03 - Bunny 05/14/2009 21:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -5:00]
Running from: f:\documents and settings\Bunny\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Bunny\Application Data\inst.exe
f:\documents and settings\Bunny\Application Data\Microsoft\Windows\lsass.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-13 02:39 . 2009-05-13 02:39 -------- d-----w F:\WTablet
2009-05-12 00:50 . 2009-05-12 00:50 578560 -c--a-w f:\windows\system32\dllcache\user32.dll
2009-05-12 00:49 . 2009-05-12 00:49 -------- d-----w f:\windows\ERUNT
2009-05-12 00:48 . 2009-05-12 00:48 -------- d-----w f:\documents and settings\Bunny\DoctorWeb
2009-05-12 00:37 . 2009-05-12 00:37 -------- d-----w f:\program files\Trend Micro
2009-05-10 22:01 . 2009-05-10 22:01 -------- d-----w f:\program files\Lavasoft
2009-05-10 22:01 . 2009-05-12 01:21 -------- d-----w f:\documents and settings\All Users\Application Data\Lavasoft
2009-04-16 01:17 . 2009-03-06 14:22 284160 -c----w f:\windows\system32\dllcache\pdh.dll
2009-04-16 01:17 . 2009-02-09 12:10 401408 -c----w f:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:17 . 2009-02-06 11:11 110592 -c----w f:\windows\system32\dllcache\services.exe
2009-04-16 01:17 . 2009-02-09 12:10 473600 -c----w f:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:17 . 2009-02-06 10:10 227840 -c----w f:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:17 . 2009-02-09 12:10 453120 -c----w f:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:17 . 2009-02-09 12:10 729088 -c----w f:\windows\system32\dllcache\lsasrv.dll
2009-04-16 01:17 . 2009-02-09 12:10 617472 -c----w f:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:17 . 2009-02-09 12:10 714752 -c----w f:\windows\system32\dllcache\ntdll.dll
2009-04-16 01:16 . 2008-05-03 11:55 2560 ------w f:\windows\system32\xpsp4res.dll
2009-04-16 01:16 . 2008-04-21 12:08 215552 -c----w f:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 01:21 . 2008-10-26 22:31 -------- d-----w f:\program files\Common Files\Wise Installation Wizard
2009-04-26 14:38 . 2008-08-28 02:30 -------- d-----w f:\program files\DVDFab 5
2009-04-17 23:52 . 2008-08-27 23:25 -------- d-----w f:\program files\McAfee
2009-04-04 19:00 . 2009-04-04 18:59 -------- d-----w f:\program files\iTunes
2009-04-04 18:59 . 2009-04-04 18:59 -------- d-----w f:\program files\iPod
2009-04-04 18:59 . 2008-09-01 00:50 -------- d-----w f:\program files\Common Files\Apple
2009-04-04 18:59 . 2009-04-04 18:59 -------- d-----w f:\program files\Bonjour
2009-04-04 18:58 . 2009-04-04 18:58 -------- d-----w f:\program files\QuickTime
2009-04-04 15:31 . 2008-08-28 02:39 102768 ----a-w f:\documents and settings\Bunny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 15:14 . 2009-04-04 15:14 -------- d-----w f:\program files\MSBuild
2009-04-04 15:14 . 2009-04-04 15:14 -------- d-----w f:\program files\Reference Assemblies
2009-04-04 15:00 . 2008-08-28 03:11 -------- d-----w f:\program files\Java
2009-03-29 13:58 . 2009-03-29 13:58 -------- d-----w f:\program files\Spybot - Search & Destroy
2009-03-26 23:06 . 2008-11-17 22:50 -------- d-----w f:\program files\abgx360
2009-03-25 16:06 . 2008-08-27 23:25 40552 ----a-w f:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2008-08-27 23:25 35272 ----a-w f:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2008-08-27 23:25 79880 ----a-w f:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:06 . 2008-08-27 23:25 214024 ----a-w f:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:05 . 2008-08-27 23:25 34216 ----a-w f:\windows\system32\drivers\mferkdk.sys
2009-03-23 08:27 . 2009-03-23 08:27 747566 ----a-w f:\windows\system32\abgx360.exe
2009-03-12 22:40 . 2009-03-12 22:40 323584 ----a-w f:\windows\system32\AUDIOGENIE2.DLL
2009-03-09 10:19 . 2008-12-10 21:58 410984 ----a-w f:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-03 22:56 284160 ----a-w f:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-03 22:56 666112 ----a-w f:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-03 22:56 81920 ----a-w f:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"WMPNSCFG"="f:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"IMJPMIG8.1"="f:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="f:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="f:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="f:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="f:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeCS4ServiceManager"="f:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="f:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"CTHelper"="CTHELPER.EXE" - f:\windows\system32\CtHelper.exe [2008-06-27 19456]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - f:\windows\KHALMNPR.Exe [2008-02-29 76304]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w f:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"f:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 IntuitUpdateService;Intuit Update Service;f:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 TabletServicePen;TabletServicePen;f:\windows\system32\Pen_Tablet.exe [9/28/2008 7:38 PM 3032360]
R3 COMMONFX.SYS;COMMONFX.SYS;f:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;f:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;f:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
R3 portio32;portio32;f:\windows\system32\drivers\portio32.sys [3/26/2009 6:21 PM 2048]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;f:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 COMMONFX;COMMONFX;f:\windows\system32\drivers\COMMONFX.sys [6/27/2008 7:21 PM 99352]
S3 CTAUDFX;CTAUDFX;f:\windows\system32\drivers\CTAUDFX.sys [6/27/2008 7:21 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;f:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTERFXFX;CTERFXFX;f:\windows\system32\drivers\CTERFXFX.sys [6/27/2008 7:21 PM 100888]
S3 CTSBLFX;CTSBLFX;f:\windows\system32\drivers\CTSBLFX.sys [6/27/2008 7:21 PM 566296]
S3 uisp;Motorola USB ICP driver;f:\windows\system32\Drivers\usbicp.sys --> f:\windows\system32\Drivers\usbicp.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;f:\windows\system32\drivers\wacmoumonitor.sys [9/28/2008 7:38 PM 15144]
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2008-08-27 f:\windows\Tasks\McDefragTask.job
- f:\program files\mcafee\mqc\QcConsol.exe [2008-08-27 15:53]

2008-09-01 f:\windows\Tasks\McQcTask.job
- f:\program files\mcafee\mqc\QcConsol.exe [2008-08-27 15:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MediaPortal - f:\program files\Team MediaPortal\MediaPortal\MediaPortal.exe
HKCU-Run-DiskChk help - f:\documents and settings\All Users\proto.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-WinampAgent - f:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {950188C6-89BF-467A-A60A-DB1CA3509139} = 68.87.72.130,68.87.75.194
FF - ProfilePath - f:\documents and settings\Bunny\Application Data\Mozilla\Firefox\Profiles\6klcctmu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: f:\documents and settings\Bunny\Application Data\Mozilla\Firefox\Profiles\6klcctmu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
f:\windows\system32\Ati2evxx.dll
f:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
f:\program files\common files\logishrd\bluetooth\LBTServ.dll
f:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-05-15 21:53
ComboFix-quarantined-files.txt 2009-05-15 02:52

Pre-Run: 118,568,189,952 bytes free
Post-Run: 118,555,672,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

184 --- E O F --- 2009-05-13 00:46

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 May 2009 - 09:29 AM

How is your computer behaving now?
Are you still getting redirected?


========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 May 2009 - 12:26 PM

Unfortunately there has been no response.
This thread will now be closed.


========================================================
